I have another quick question about key algorithm rollover.  I saw some
mention of this while glancing through the rollover.c code, but didn't
notice any cleanup code.
Key algorithm rollover is a bit different to a regular KSK or ZSK rollover and nothing you should have to do mutch often. So this is currently not implemented and will not be implemented in the future (expcept someone will donate it).

Is it the case, that if I change my dnssec.conf file to use a different
algorithm (eg: NSEC3 instead of just NSEC supporting algorithms), then
it will generate a key set of active/standby keys, but not retire the
old ones?  Or, will those just get retired at the end of their lifetime
A key algorithm rollover should be done manually.
If the rollover is done, you can use ZKT for the regular stuff again.


Attachment: smime.p7s
Description: S/MIME Kryptografische Unterschrift

Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
MVPs and experts. ON SALE this month only -- learn more at:
zkt-users mailing list

Reply via email to