[Opendnssec-user] Key (xxx) has gone straight to active use without a prepublished phase

Matthijs Mekking matthijs at NLnetLabs.nl
Wed Aug 3 07:53:09 UTC 2011


Hi Volker,

It would help if you could send the signer configuration and the files
in the /var/opendnssec/tmp directory (possibly off-list), to see which
module of OpenDNSSEC we have to track this.

Best regards,

Matthijs

On 08/02/2011 05:45 PM, Volker Janzen wrote:
> Hi all,
> 
> today I noticed a problem in my OpenDNSSEC installation, which I don't
> understand. I had expired signatures for many domains in OpenDNSSEC. I
> was not able to figure out what might have caused this. I just found
> these strange log entries, which I do not understand:
> 
> ods-auditor[7879]: Auditor started
> ods-auditor[7879]: Auditor starting on <domain1>.de
> ods-auditor[7882]: Auditor started
> ods-auditor[7882]: Auditor starting on <domain2>.de
> ods-auditor[7879]: SOA differs : from 2011080103 to 2011062380
> ods-auditor[7879]: Auditing <domain1>.de zone : NSEC3 SIGNED
> ods-auditor[7879]: Key (20188) has gone straight to active use without a prepublished phase
> ods-auditor[7879]: Finished auditing <domain1>.de zone
> ods-auditor[7882]: SOA differs : from 2011080103 to 2011062378
> ods-auditor[7882]: Auditing <domain2>.de zone : NSEC3 SIGNED
> ods-auditor[7882]: Key (40336) has gone straight to active use without a prepublished phase
> ods-auditor[7882]: Finished auditing <domain2>.de zone
> 
> What might have caused this problem and how can I solve it now? The
> signatures are expired and I can't see any attempt of the signer to
> re-sign the zones.
> 
> 
> Kind regards
>   Volker Janzen
