[Opendnssec-develop] [OpenDNSSEC] #194: ods-ksmutil generates more keys than needed
OpenDNSSEC
owner-dnssec-trac at kirei.se
Fri Nov 5 01:41:08 UTC 2010
#194: ods-ksmutil generates more keys than needed
-----------------------------------------------------+----------------------
 Reporter:  Sebastian Castro <sebastian@…>           |      Owner:  matthijs
     Type:  defect                                   |     Status:  new
 Priority:  minor                                    |  Component:  Signer
  Version:  trunk                                    |   Keywords:
-----------------------------------------------------+----------------------
In the attached file you will find two runs of 'ods-ksmutil key generate'.
The first run creates 3 KSKs and 5 ZSKs, which is fine. The second run,
10 seconds later, generates the same number of keys.

The issue seems to be in KsmKeyPairCreate: the keys are added to the
keypairs table, but not to the dnsseckeys table with state GENERATE, leading
them to be seen with 'empty' status in KEYDATA_VIEW. When cmd_genkeys tries
to find the number of keys in the pool (via KsmKeyCountStillGood), it can't
find them because they don't match the condition, forcing the generation
of keys.

Also, monitoring the status of KEYDATA_VIEW entries for a specific policy,
I noticed it went from 'empty' to status=2 (PUBLISH) when a key was used
for incoming ZSK during normal processing.
--
Ticket URL: <http://trac.opendnssec.org/ticket/194>
OpenDNSSEC <http://www.opendnssec.org/>
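
The failure mode reported in this ticket, as an added example that is not part of the original message and is not OpenDNSSEC code: a simplified SQLite model in which the pool count only matches rows whose state is GENERATE. The column names, the LEFT JOIN shape of the view, the value GENERATE = 1 and the helper names are assumptions; only the table and view names come from the ticket.

```python
import sqlite3

GENERATE = 1  # assumed numeric value; the ticket only states PUBLISH = 2

# Assumed, simplified schema: the view LEFT JOINs key pairs to their state
# rows, so a key pair without a state row shows up with state NULL ("empty").
SCHEMA = """
CREATE TABLE keypairs (id INTEGER PRIMARY KEY, policy_id INTEGER, keytype TEXT);
CREATE TABLE dnsseckeys (keypair_id INTEGER, state INTEGER);
CREATE VIEW KEYDATA_VIEW AS
  SELECT k.id, k.policy_id, k.keytype, d.state
  FROM keypairs k LEFT JOIN dnsseckeys d ON d.keypair_id = k.id;
"""

def count_pool_keys(db, policy_id, keytype):
    """Count pooled keys; a NULL state never satisfies 'state = ?'."""
    return db.execute(
        "SELECT COUNT(*) FROM KEYDATA_VIEW "
        "WHERE policy_id = ? AND keytype = ? AND state = ?",
        (policy_id, keytype, GENERATE)).fetchone()[0]

def generate_run(db, policy_id, keytype, wanted, record_state):
    """Top the pool up to 'wanted' keys and return how many were created."""
    missing = max(0, wanted - count_pool_keys(db, policy_id, keytype))
    for _ in range(missing):
        cur = db.execute(
            "INSERT INTO keypairs (policy_id, keytype) VALUES (?, ?)",
            (policy_id, keytype))
        if record_state:  # behaviour the reporter expected
            db.execute("INSERT INTO dnsseckeys VALUES (?, ?)",
                       (cur.lastrowid, GENERATE))
    return missing

def simulate(record_state, runs=2):
    """Run key generation 'runs' times for a policy wanting 3 KSK and 5 ZSK."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    created = [(generate_run(db, 1, "KSK", 3, record_state),
                generate_run(db, 1, "ZSK", 5, record_state))
               for _ in range(runs)]
    total = db.execute("SELECT COUNT(*) FROM keypairs").fetchone()[0]
    return created, total

if __name__ == "__main__":
    print("state row missing :", simulate(record_state=False))
    print("state row recorded:", simulate(record_state=True))
```

Without the state row every run recreates the full set, so the number of key pairs held grows on each invocation; with the state row recorded, the second run creates nothing.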