> Actually, I find that feature rather strange. What other software on
> a unix server is asserting that you manually tell it you made a
> backup before it can be used?
>
> IMHO, that's a feature best retired, especially because it is giving
> people issues to start signing in the first place. But if people
> want to keep it, allow signing anyway, but nag via a daily cron job?

The feature is turned off by default. So people should not have a problem unless it is enabled by them. You enable it by adding the <RequireBackup /> for your repository in conf.xml.

Most security features in Unix are localized. DNS is global and has its special properties. If you lose your keys, then the only way of replacing them is to first go unsigned.

If you e.g. accidentally delete your server's SSH key, then you can replace it and the users will just get a warning that a new key is present at the server, which can be overridden. You do not need to disable the security mechanisms and have anonymous access to the server.

With DNSSEC, if you just switch your keys without going unsigned or doing a proper key rollover (which you can't since you lost your keys), the resolvers will/may have cached information which makes it impossible to validate the data and the user will be denied access to the information.

// Rickard
