[Opendnssec-user] ksk-roll bug or misunderstanding?

sion at nominet.org.uk
Mon Mar 15 11:34:58 UTC 2010


> I am trying to do a ksk-roll on an imported zone (previously managed
> manually), but something seems to go wrong.  Transition process was done
> just as defined on the "Using OpenDNSSEC" web page. What I did:

So one thing is there is a bug in v1.0.0 where the key import doesn't work
correctly. I suspect this to be the case from the output:

> SQLite database set to: /var/lib/opendnssec/kasp.db
> tomhendrikx.nl                  KSK           active
> �9گT.G�`CG��Xگ�9گ��9�  a2                                softHSM
>                    4665
> tomhendrikx.nl                  KSK           ready     next rollover
>           6e6919ffc1d34ccc8f14c338d7ff843b  softHSM
>       47140

where the random string output is a sign of the import bug.

There are 2 things that I can suggest; firstly try the code in trunk and
redo the import. If that is not practical for you then if you specify the
retire time of the key as you import it the bug should not be hit.

If these steps do not work, and if you are willing, could you send me a
copy of your kasp.db off-list? I will see if there is another issue that
might cause the rollover to fail.

Thank you.

Sion

