[Opendnssec-develop] States and rollovers in Enforcer NG

Rickard Bellgrim rickard at opendnssec.org
Mon May 30 11:40:22 UTC 2011


On Mon, May 30, 2011 at 10:56 AM, Yuri Schaeffer <yuri at nlnetlabs.nl> wrote:
> Hi Rickard,
>
>> Is it possible to get a summarized view of the key state and what action
>> is needed by the user, e.g. send DS to parent? Or when the next
>> rollover is expected?
>
> A rollover is a more organic process now. Currently you can get an
> indication of the first required 'action' for this zone with
> "ods-enforcer zone list". It's not specified what this action will be in
> advance.

Is this basically the item that should be scheduled in the queue?
Currently the queue is empty.

> What we could do is give the time when the policy dictates a new key is
> required and will be inserted, but I have to talk to Rene about the
> interface. Does this sound useful?

Yes, because then you know when future key rollovers will happen.

> "key ds-submit" indicates which DS records should be submitted to the
> parent. With "key ds-seen" the user can indicate / view he did in fact
> submit it.

The ZSKs are now included in that list. Do we need to have them there?

>> Now you do not know if the key is considered as active or not.
>
> I just added two columns to key list indicating that. It is literally
> what will be written in the signer configuration.

Thanks, this made it easier to see the state of the zone.


