[Opendnssec-develop] [OpenDNSSEC] #194: ods-ksmutil generates more keys than needed

OpenDNSSEC owner-dnssec-trac at kirei.se
Fri Nov 5 01:41:08 UTC 2010

#194: ods-ksmutil generates more keys than needed
Reporter:  Sebastian Castro <sebastian@…>            |       Owner:  matthijs
    Type:  defect                                    |      Status:  new     
Priority:  minor                                     |   Component:  Signer  
 Version:  trunk                                     |    Keywords:          
 In the attached file you will find two runs of 'ods-ksmutil key generate'.
 The first creates 3 KSK and 5 ZSK, which is fine. The second run,
 10 seconds later, generates the same number of keys.

 The issue seems to be in KsmKeyPairCreate: the keys are added to the
 keypairs table, but not to the dnsseckeys table with state GENERATE, leading
 them to be seen with 'empty' status in KEYDATA_VIEW. When cmd_genkeys tries
 to find the number of keys in the pool (via KsmKeyCountStillGood), it can't
 find them because they don't match the condition, forcing the generation
 of keys.

 Also, monitoring the status of KEYDATA_VIEW entries for a specific policy,
 I noticed it went from 'empty' to status=2 (PUBLISH) when a key was used
 for incoming ZSK during normal processing.

Ticket URL: <http://trac.opendnssec.org/ticket/194>
OpenDNSSEC <http://www.opendnssec.org/>
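
The mechanism reported in the ticket, reproduced as an added example on a simplified model (not OpenDNSSEC code and not its real schema). The two-table layout, the LEFT JOIN view, the counted states and GENERATE = 1 are assumptions; only the table, view and function names and PUBLISH = 2 come from the ticket.

```python
import sqlite3

# Assumed state codes: the ticket only gives 2 = PUBLISH; 1 = GENERATE is an assumption.
GENERATE, PUBLISH = 1, 2

# Simplified, assumed schema: the view LEFT JOINs state onto each key pair,
# so a key pair without a dnsseckeys row shows up with state NULL ('empty').
SCHEMA = """
CREATE TABLE keypairs (id INTEGER PRIMARY KEY, policy_id INTEGER);
CREATE TABLE dnsseckeys (keypair_id INTEGER, state INTEGER);
CREATE VIEW KEYDATA_VIEW AS
  SELECT k.id, k.policy_id, d.state
  FROM keypairs k LEFT JOIN dnsseckeys d ON d.keypair_id = k.id;
"""

def count_still_good(db, policy_id):
    # Stand-in for KsmKeyCountStillGood: counts keys whose state matches.
    # NULL IN (...) is never true in SQL, so 'empty' keys are not counted.
    row = db.execute(
        "SELECT COUNT(*) FROM KEYDATA_VIEW WHERE policy_id = ? AND state IN (?, ?)",
        (policy_id, GENERATE, PUBLISH)).fetchone()
    return row[0]

def generate(db, policy_id, wanted, record_state):
    # Stand-in for cmd_genkeys: top the pool up to `wanted` keys.
    missing = max(0, wanted - count_still_good(db, policy_id))
    for _ in range(missing):
        cur = db.execute("INSERT INTO keypairs (policy_id) VALUES (?)", (policy_id,))
        if record_state:  # the row the ticket reports as missing
            db.execute("INSERT INTO dnsseckeys VALUES (?, ?)", (cur.lastrowid, GENERATE))
    return missing

def run_twice(record_state, wanted=5):
    # Two consecutive 'key generate' runs against a fresh in-memory database.
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    first = generate(db, 1, wanted, record_state)
    second = generate(db, 1, wanted, record_state)
    total = db.execute("SELECT COUNT(*) FROM keypairs").fetchone()[0]
    return first, second, total

if __name__ == "__main__":
    print("no state row:  ", run_twice(False))
    print("with state row:", run_twice(True))
```

Without the state row the second run regenerates the whole pool; with it, the second run creates nothing.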
