[Opendnssec-user] how does auditor calculate delays?

Alex Dalitz AlexD at nominet.org.uk
Wed Feb 2 14:48:49 UTC 2011

Hi - 

Firstly, apologies for the delay in responding to this.

On 13 Jan 2011, at 12:41, Gilles Massen wrote:

> I'm struggling to understand why auditor has been complaining: I had a
> ZSK that was in use too long (because no further keys were generated).
> So at that point I ussued a ksmutil key generate which worked perfectly.
> After some time I saw then this:
> ods-auditor[20026]: Key (24150) has gone to active use, but has only
> been prepublished for 26946 seconds. Zone SOA ttl is 43200
> Why is the SOA ttl considered for the check? DNSKEY TTL I'd understand,
> but SOA?

The auditor specification has now been changed to use the DNSKEY TTL, and the implementation fixed in svn r4369.

Thanks for the report,


More information about the Opendnssec-user mailing list