Hi Jack, > Has something drastically changed here? Or did I do something different > this time in setting up this test environment that could be causing this?
There is no explicit feature regarding the order of unused keys. If this work before it was by luck. There might have been changes in the key selection. We had quite some fixes in the HSM interfacing code. However if you run the two enforcers of the same version I see no reason why they would not select the same key. I suspect you also upgraded the database software the enforcer uses to store references to these keys. Unless specified, SQL results return in no specific order. So this might depend on version, build, or windspeed. This will be no different for OpenDNSSEC 2. Also you have very little guarantee both enforcers would run exactly the same without drift. Especially on operations where user input is required. Regards, Yuri
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
