Hi,

I upgraded an old OpenDNSSEC 1.4 installation to OpenDNSSEC 2.0.4 (Debian 9). After migrating the kasp.db, only the active keys have been migrated; the pre-generated and unused ZSKs and KSKs (to fulfil the policy requirements for at least one year into the future) were ignored. The keys are still in the (Hardware-)HSM.

If I add them with "ods-control enforcer key import ... --state generated" the keys will be published to the zone immediately (e.g. if I added 4 ZSKs I ended up with 1 active ZSK and 4 ZSKs with state publish).

How can I add the keys and tell OpenDNSSEC to use them only if a key rollover according to the policy is processed?

Thanks in advance and Best,
Michael
_______________________________________________
Opendnssec-user mailing list
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user