On Mon, 18 Jun 2012, Sara Dickinson wrote:
Hi Sara,
The major changes over the alpha-2 snapshot are the implementation of both
MySQL and SQLite database backends and support for pre-generation of keys on
the HSM. For details see: http://svn.opendnssec.org/tags/OpenDNSSEC-2.0.0a3/NEWS
What do you mean with "Enforcer: Pre-generate keys on the HSM"?
I was already pre-generating keys with an HSM, though experienced that
multiple opendnssec instances with multiple HSMs did not pick the same
key order when rolling the ZSK.
The man page for ods-ksmutil already states:
"If configured to, OpenDNSSEC will automatically create keys when
the need arises. This command can be used to pregenerate keys
(maybe for the expected lifetime of an HSM)"
So I am a little confused what this new option does.
Regards,
Paul
_______________________________________________
Opendnssec-user mailing list
Opendnssec-user@lists.opendnssec.org
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
