[Opendnssec-develop] Enforcer NG

Rickard Bellgrim rickard at opendnssec.org
Thu Sep 15 07:24:16 UTC 2011

>> - "key list" says that the DS is rumoured, "key export" exports the
>> key, but "ds-submit" does not say anything.
> The key is probably already in submitted state. If you configured
> a DelegationSignerSubmitCommand then this program was
> started as the key transitioned from uncommited to submit.
> If the program  was started successfully then the key will make
> the transition to submitted and no longer shows up when you
> perform a 'key ds-submit' it will however show up when you do a
> 'key ds-seen' as that command shows the keys that are in 'submitted'
> state waiting to be marked as 'seen'.
> When you perform a 'key export' the state has to be either submit
> or submitted (or retract / retracted). I allow the re-export of a submitted key to
> handle the situation where a key "got lost in transit" on its way to the parent.
> Whenever a key is exported and is still in submit state, the key will then also
> transition to submitted state. Calling 'key ds-submit' will only show the keys
> that are in submit state and have never been submtited to the parent either
> via 'key export' or automatically via the DelegationSignerSubmitCommand.

Ok, I had the DelegationSignerSubmitCommand configured.

More information about the Opendnssec-develop mailing list