[Opendnssec-user] Documentation on the state of keys?

Rick van Rein rick at openfortress.nl
Fri Feb 5 14:01:06 UTC 2010


> without explanations.

The man-pages give a bit more detail.

> but I never see GENERATED and DEAD and wonder what are their uses.

My guess is that you are not enforcing HSM backup before you allow
a key to be used by OpenDNSSEC.  This should put the keys in GENERATED

As for REVOKED and DEAD I'm also confused.

> (If I generate keys with ksmutil key generate, I do not see them in
> the output of ksmutil key list.)

That is the other possible cause why you don't see the GENERATED state :)


More information about the Opendnssec-user mailing list