>> Would keys be reused for new zones if they were previously associated
>> with a different zone? I don't like the idea of that.
>
> Yes (I just tested it with ODS 1.3.9).
>
> Keys will be generated in the HSM and are stored in the kasp.db. In
> kasp.db the active keys are assigned to a certain zone, but the
> "not-yet-active" keys are only assigned to a policy, thus they will also
> be used by zones which were added later, but use the same policy.

That makes sense. I'll bear that in mind if we move into production.

G.

--
Gavin Brown
Chief Technology Officer
CentralNic Ltd
Innovative, Reliable and Flexible Registry Services
for ccTLD, gTLD and private domain name registries
https://www.centralnic.com/

CentralNic Ltd is a company registered in England and Wales with company
number 4985780. Registered Offices: 35-39 Moorgate, London, EC2R 6AR.

_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
