On Wed, 9 Jan 2013, Jerry Lundström wrote:
On 9 jan 2013, at 06:47, Paul Wouters <[email protected]> wrote:
It might be useful to not allow different algorithm keys to be
associated to a single zone, since algorithm rollover isn't
supported yet. And it really upsets the signer daemon so it
stops working.
Could you provide step by step (+command line) how you did this and
version so we can replicate and fix it?
I cannot tell for sure as I did not do it, but I think along the lines
of:
Run a zone with algo 7. Edit default policy and change to algo 8. Run
ods-ksmutil update all. Attempt to initiate a KSK rollover.
Paul
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
