3 Bře
2019
3 Bře
'19
18:45
Hi Thomas,
Have you submitted the initial KSK (it shouldn't be in the ready state)?
If it isn't submitted, no further rollover can happen.
Try something like:
policy:
- id: test
ksk-lifetime: 1200
zsk-lifetime: 600
propagation-delay: 0
dnskey-ttl: 60
And ensure the maximum TTL value in the zone is low.
Best,
Daniel
On 2019-03-03 17:26, Thomas wrote:
Hi,
we are testing knot at the moment and are struggling with the concept
of
automatic KSK rollovers. We are planning to fetch the current CDS for
further automatic processing and try to figure out how to achieve a
policy that performs KSK rollovers in a short period of time for
testing
purposes. Until now we have not seen any KSK rollovers and we are not
sure why this is not happening. Can someone show me an example of a
policy that schedules a KSK rollover within a very short period, let's
say once a day? What policy parameters must be set? And what must be
the
zone's parameters in terms of TTL and SOA values (expire, refresh,
etc)?
Thanks a lot,
Thomas