Hi Fredrik, > When I was happy with it, I got my DS records published in the .net zone > and after that I wanted to move the zone to policy default. Turns out, > keys are secretly associated with policys for some reason, so opendnssec > wanted to generate a new KSK but failed since the YubikeyNEO4PIV > repository doesn't support key generation. I did not want to generate > new KSKs.
As far as I know OpenDNSSEC 1.x does not support this kind of operation. Keys are linked to a policy since the policy dictates their parameters and more important lifetime and TTL's. > How should one go about moving a zone from one policy to another? Don't > tell me how to do it in sqlite3, I've already figured that out ;). This is IMHO your best/only option. regards, Yuri
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
