> So I have an extra KSK in state rumoured with no key roll scheduled but active > in the zone. Is this to be expected?
My guess is that your KASP states manual rollover for KSK. Therefore it plans no future roll overs. The extra key is then either because you gave a manual rollover command or -this is likely the case- a standby key that your 1.4 installation used. 2.x doesn't have/need the concept of standby keys, as it will be able to roll to a new key /any/ time. Since it doesn't have this concept it just 'rolls' with it. I advice the execute a rollover command for that zone for KSK. The current 2 keys will then be replaced by one new KSK. The extraneous KSK should go away quite fast since it doesn't have its DS uploaded yet. //Yuri
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
