Discussion:
[Opendnssec-user] Migrating from ODS 1.4.10 to 2.1.3
Vincent Levigneron
2018-02-02 10:48:09 UTC
Permalink
Hi,

I use ODS 1.4.10 and for all the TLDs I operate and I have standby DS in case of an
emergency KSK rollover. This concept does not exist in ODX 2.x.x (marked
as experimental in 1.x.x versions).
I would be interested to know if someone succeeded to have something
equivalent with the existing key states in ODS 2.x.x ?
Have I another choice that to give up standby DS if I decide to move to
ODS 2.1.3 ?

Best regards.

Vincent.
--
Vincent Levigneron A.F.N.I.C. ***@nic.fr
Yuri Schaeffer
2018-02-02 11:37:20 UTC
Permalink
Post by Vincent Levigneron
Have I another choice that to give up standby DS if I decide to move to
ODS 2.1.3 ?
In ODS 2 you can give the rollover command at any time, even while
currently in a rollover. The enforcer will immediately roll to the new
key without needing to finish the current roll. As such the standby key
concept does not make too much sense.

The price for dropping this feature is that from the start of the
emergency rollover you have to wait an additional DS set TTL.

//Yuri
Vincent Levigneron
2018-02-05 22:43:53 UTC
Permalink
Thanks Yuri for your answer,

Although having "emergency" and "wait an additional TTL" in the same
sentence is a little disturbing for mei %-) , I understand why you did not
kept this experimental (but usefull for me) feature.

Best regards.

Vincent.
Post by Yuri Schaeffer
Post by Vincent Levigneron
Have I another choice that to give up standby DS if I decide to move to
ODS 2.1.3 ?
In ODS 2 you can give the rollover command at any time, even while
currently in a rollover. The enforcer will immediately roll to the new
key without needing to finish the current roll. As such the standby key
concept does not make too much sense.
The price for dropping this feature is that from the start of the
emergency rollover you have to wait an additional DS set TTL.
//Yuri
_______________________________________________
Opendnssec-user mailing list
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
--
Vincent Levigneron A.F.N.I.C. ***@nic.fr
Loading...