Jake Zack
2016-12-05 19:38:16 UTC
Should adding the <ManualRollover/> tag to both KSK and ZSK, then running "ods-ksmutil update kasp", change the "Date of next transition" as reported by "ods-ksmutil key list -verbose"?
Does ods-enforcer'd need to be kill -HUP'd to make this change take effect?
Am I right in understanding that keys currently listed for rollover later in the month will in fact not be rolled over so long as the <ManualRollover/> tag is present?
Will the old rollover dates still be listed in the kasp database? Does this mean that upon removing <ManualRollover/> that enforcerd will immediately roll the keys?
Are there any other negative side effects to using ManualRollover temporarily?
Our use case:
New TLD coming online as a customer - currently signed
Need losing provider to publish and sign our DNSKEYs
ZSK DNSKEY is currently set to expire inside the DNS Operator transition window
Thanks all,
-jake