"Sara Dickinson" wrote in message news:[email protected]...


>2012-07-17T07:11:55+02:00 christine ods-enforcerd: ERROR: Trying to make
>non-backed up ZSK active when RequireBackup flag is set

Yes, there are messages just like the one above; that's why I think the backup work matters with key rollover.

From our documentation page (https://wiki.opendnssec.org/display/DOCS/conf.xml):

"<RequireBackup> is an optional element that specifies that keys from this repository may not be used until they are backed up. If backup has been done, then use 'ods-ksmutil' command to notify OpenDNSSEC about this. The backup notification is needed for OpenDNSSEC to be able to complete a key rollover."

What does that mean exactly? Will OpenDNSSEC continue to sign the zone with the old key until the backup notification is done, or will it stop signing the zone, because the old key is retiring and the new key is not yet ready?

_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
