[Opendnssec-user] how does auditor calculate delays?

Alex Dalitz AlexD at nominet.org.uk
Wed Feb 2 14:48:49 UTC 2011


Hi - 

Firstly, apologies for the delay in responding to this.

On 13 Jan 2011, at 12:41, Gilles Massen wrote:

> I'm struggling to understand why auditor has been complaining: I had a
> ZSK that was in use too long (because no further keys were generated).
> So at that point I ussued a ksmutil key generate which worked perfectly.
> After some time I saw then this:
> 
> ods-auditor[20026]: Key (24150) has gone to active use, but has only
> been prepublished for 26946 seconds. Zone SOA ttl is 43200
> 
> Why is the SOA ttl considered for the check? DNSKEY TTL I'd understand,
> but SOA?

The auditor specification has now been changed to use the DNSKEY TTL, and the implementation fixed in svn r4369.

Thanks for the report,


Alex.


More information about the Opendnssec-user mailing list