Hi Erik, On 10 mar 2014, at 07:54, "Erik P. Ostlyngen" <[email protected]> wrote:
My reason for having a 4h key lifetime here is that I wanted to observe what OpenDNSSec does at the time of key rollover. The question (which was not so clear in my first message) is whether the ManualRollover tag prevents OpenDNSSec from initiating an automatic rollover when the key expires? That is what I expected, but OpenDNSSec seems to roll the key regardless of the ManualRollover tag. Maybe the tag has a different purpose than what I thought it had? >From what you said in your previous email everything is working as it should. It did not roll the KSK but it prepared a new KSK for you to roll to since you have 4h lifetime. If you don't wish to have that behavior you need to set a lifetime like 10-100 years. /Jerry -- Jerry Lundström - OpenDNSSEC Developer http://www.opendnssec.org/
_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
