Hi there,

We are evaluating an HSM for use with OpenDNSSEC. The vendor has
suggested that we consider manually generating all the keys we are
likely to need up-front, so that we only ever need to do a single backup.

We're using this command to generate the keys:

        ods-ksmutil key generate --policy default --interval [PERIOD]

where [PERIOD] is:

        number of zones * expected life of the system

assuming 1 KSK rollover per year. We are planning on 100 zones and
optimistically a 10 year life for the system, equalling 1000 years.

When we try to generate this many keys, we get this error:

Error: unable to convert Interval P1000Y to seconds, error: interval too
long to be an int. E.g. Maximum is ~68 years on a system with 32-bit
integers.

This is on a 64-bit system, so why do we get this error?

Thanks,

-- 
Gavin Brown
Chief Technology Officer
CentralNic Ltd
Innovative, Reliable and Flexible Registry Services
for ccTLD, gTLD and private domain name registries
https://www.centralnic.com/

CentralNic Ltd is a company registered in England and Wales with company
number 4985780. Registered Offices: 35-39 Moorgate, London, EC2R 6AR.