Hi Erik,

On 10 mar 2014, at 08:52, "Erik P. Ostlyngen" <[email protected]> wrote:

> I understand. We'll use a 10 years or longer lifetime then. What confused me is that OpenDNSSec created a new key and published it in my zonefile, waiting for me to complete the rollover by issuing a ds-seen command. This looks very similar to the automatic KSK rollover (which also stops waiting for me to issue a ds-seen command). This makes me wonder what difference the ManualRollover tag makes.

Ah, I see now why you might be confused. ManualRollover is the default behavior of KSK, there is no automatic because that would break your zone. Adding <ManualRollover> does not change anything for the KSK.

--
Jerry Lundström - OpenDNSSEC Developer
http://www.opendnssec.org/
