Hi,
after reading the documentation and manual pages I do have difficulties in
understanding the complete process of a manual ZSK rollover intervention when
all rollovers are normally performed automatically.
Example:
1) Running 'ods-enforcer key rollover --keytype zsk —zone XYZ' at 10:00 on
2019-12-05, I do immediately see (e.g):
XYZ ZSK active 2019-12-05 22:00:00 2048 8 11111
XYZ ZSK publish 2019-12-05 22:00:00 1280 8 22222
2) Thus, 12 hours later the newly generated ZSK will become published.
Ok, understood.
But how does one continue when one wants to speed up the remaining process of
publication and retirement? I couldn't find specific parameters in the
documentation to override those in kasp.xml. Does one need to modify the
relevant timing settings in kasp.xml, instead?
Background: I want to 1) modify my ZSK key length and 2) modify algorithms
(from 8 to 13) for both KSK and ZSK afterwards. This I want to speed up
somehow. (Yes I am aware of the implications if the rollover is too short.)
Thanks in advance and with kind regards,
Michael
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
