[Opendnssec-develop] States and rollovers in Enforcer NG
Yuri Schaeffer
yuri at NLnetLabs.nl
Mon May 30 08:56:45 UTC 2011
Hi Rickard,
> Is it possible to get summarized view of the key state and what action
> is needed by the user, e.g. send DS to parent. Or when the next
> rollover is expected?
A rollover is a more organic process now. Currently you can get an
indication of the first required 'action' for this zone with
"ods-enforcer zone list". It's not specified what this action will be in
advance.
What we could do is give the time when the policy dictates a new key is
required and will be inserted, but I have to talk to Rene about the
interface. Does this sound useful?
"key ds-submit" indicates which DS records should be submit to the
parent. with "key ds-seen" the user can indicate / view he did in fact
submit it.
> Now you do not know if the key is considered as active or not.
I just added two columns to key list indicating that. It is literally
what will be written in the signer configuration.
//Yuri
--
Yuri Schaeffer
NLnet Labs
http://www.nlnetlabs.nl
More information about the Opendnssec-develop
mailing list