[Opendnssec-user] Version 1.1.0 and KSK rollover logic
Sion Lloyd
sion at nominet.org.uk
Wed Jun 2 12:27:59 UTC 2010
On Wednesday 02 Jun 2010 7:59:31 am Lens Frederic wrote:
> Hi all,
> I'm new to DNSSEC but I seem to be having the same kind of problem as Antti
> (if not, sorry, should have started another topic)
>
> Basically, I'm starting from scratch. New zone, new SoftHSM token, new
> database initiated with ods-ksmutil setup.
<snip>
I think that most of the misunderstanding here is due to our documentation...
I am looking at updating:
http://trac.opendnssec.org/wiki/Signer/Using/Running
but it is still work in progress.
The first thing that is not happening is the initial KSK moving into the
active state, this happens on the first ds-seen which is slightly after the
start of the process due to propagation delays. I have started to document
this in the section "KSK in fresh zones".
The second point is the KSK in the dspublish state will move into the dsready
state at the time stated. Then the next transition will read "next rollover".
Sion
More information about the Opendnssec-user
mailing list