[Opendnssec-develop] Enforcer NG

Rickard Bellgrim rickard at opendnssec.org
Thu Sep 15 07:24:16 UTC 2011


>> - "key list" says that the DS is rumoured, "key export" exports the
>> key, but "ds-submit" does not say anything.
>
> The key is probably already in submitted state. If you configured
> a DelegationSignerSubmitCommand then this program was
> started as the key transitioned from uncommited to submit.
> If the program was started successfully then the key will make
> the transition to submitted and no longer shows up when you
> perform a 'key ds-submit'. It will, however, show up when you do a
> 'key ds-seen' as that command shows the keys that are in 'submitted'
> state waiting to be marked as 'seen'.
>
> When you perform a 'key export' the state has to be either submit
> or submitted (or retract / retracted). I allow the re-export of a submitted key to
> handle the situation where a key "got lost in transit" on its way to the parent.
> Whenever a key is exported and is still in submit state, the key will then also
> transition to submitted state. Calling 'key ds-submit' will only show the keys
> that are in submit state and have never been submitted to the parent either
> via 'key export' or automatically via the DelegationSignerSubmitCommand.

Ok, I had the DelegationSignerSubmitCommand configured.
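
The DS state handling described in the quoted reply, as a small Python model. This is an added example, not part of the original message and not OpenDNSSEC code; the class, method and parameter names are hypothetical, and the key tags used with it are constructed.

```python
from dataclasses import dataclass

# States in which the quoted reply says 'key export' is allowed.
EXPORTABLE = {"submit", "submitted", "retract", "retracted"}

@dataclass
class Key:
    tag: int                 # constructed key tag
    ds: str = "uncommited"   # initial state, spelled as in the mail

class EnforcerModel:
    def __init__(self, submit_command_ok=None):
        # None: no DelegationSignerSubmitCommand configured.
        # True/False: configured; whether the program started successfully.
        self.submit_command_ok = submit_command_ok
        self.keys = []

    def add_key(self, tag):
        key = Key(tag)
        self.keys.append(key)
        return key

    def require_ds(self, key):
        # uncommited -> submit; a successful submit command moves it on.
        key.ds = "submit"
        if self.submit_command_ok:
            key.ds = "submitted"

    def ds_submit_list(self):
        # 'key ds-submit': only keys never sent to the parent.
        return [k.tag for k in self.keys if k.ds == "submit"]

    def ds_seen_list(self):
        # 'key ds-seen': keys waiting to be marked as seen.
        return [k.tag for k in self.keys if k.ds == "submitted"]

    def export(self, key):
        if key.ds not in EXPORTABLE:
            raise ValueError(f"key {key.tag}: cannot export in state {key.ds}")
        if key.ds == "submit":
            key.ds = "submitted"   # exporting counts as submitting
        return key.ds

    def mark_seen(self, key):
        if key.ds != "submitted":
            raise ValueError(f"key {key.tag}: not in submitted state")
        key.ds = "seen"
```

With `submit_command_ok=True` the key skips straight past the `ds_submit_list()` view and appears only in `ds_seen_list()`, which is the situation reported in this thread.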
