Should adding the <ManualRollover/> tag to both KSK and ZSK, then running
"ods-ksmutil update kasp", change the "Date of next transition" as reported by
"ods-ksmutil key list -verbose"?
Does ods-enforcer'd need to be kill -HUP'd to make this change take effect?
Am I right in understand that keys currently listed for rollover later in the
month will in fact not be rolled over so long as the <ManualRollover/> tag is
present?
Will the old rollover dates still be listed in the kasp database? Does this
mean that upon removing <ManualRollover/> that enforcerd will immediately roll
the keys?
Are there any other negative side effects to using ManualRollover temporarily?
Our use case:
New TLD coming online as a customer - currently signed
Need losing provider to publish and sign our DNSKEY's
ZSK DNSKEY is currently set to expire inside the DNS Operator
transition window
Thanks all,
-jake
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
