On 24/05/12 14:42, Sander Smeenk wrote:
Quoting Göran Bengtson ([email protected]):2 This is serious. Immediately after the ods-ksmutil update command is given ODS gets seriously confused about the keys in ANOTHER, remaining zone. A new ZSK key is generated, and the active ZSK dissapears (is not used anymore). ods-ksmutil key list only show the KSK key and the newly generated ZSK key (in publish state).This is (almost?) exactly what happend in my setup yesterday.
I think that I have found out what is going on; if you delete a zone that is on a policy that does not share keys the wrong keys can be deleted.
I'm just checking my fix; but for now if your policy does not share keys then I'd advise you not to delete zones.
Sion _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
