[Opendnssec-user] ZSK expired

Casper Gielen c.gielen at uvt.nl
Fri Jan 7 13:59:34 UTC 2011


On 07-01-11 14:35, Sion Lloyd wrote:
> On Friday 07 Jan 2011 1:00:33 pm Casper Gielen wrote:
>> Dec 26 13:53:58 metagross ods-enforcerd: Config will be output to
>> /var/lib/opendnssec/signconf/example.net.xml.
> 
> Was this file actually written as claimed? 

Yes

opendnssec/signconf# ls -al lisspanel.net.xml*
-rw-r--r-- 1 root root 1541 Jan  5 17:49 lisspanel.net.xml
-rw-r--r-- 1 root root 1541 Jan  2 15:38 lisspanel.net.xml.OLD

So the file does get overwritten as it should be.
These two files are identical, except for the nsec3 salt.


> Do the keys in it match those indicated by ods-ksmutil key list?

opendnssec/signconf# grep -A2 257 example.net.xml
	<Flags>257</Flags>
	<Algorithm>7</Algorithm>
	<Locator>3c82d67b1b7b717055af9cbb3255e783</Locator>

opendnssec/signed# ods-ksmutil key list --zone example.net -v |grep active
SQLite database set to: /var/lib/opendnssec/db/kasp.db
example.net  KSK  active  2011-11-29 14:35:10  3c82d67b1b7b717055af9cbb3255e783  SoftHSM  15858
example.net  ZSK  active  2011-01-25 13:53:58  d7983d5faeeb636f944b318bcc7b1a72  SoftHSM  19023

(extra whitespace trimmed for readability)

-- 
Casper Gielen <cgielen at uvt.nl> | LIS UNIX
PGP fingerprint = 16BD 2C9F 8156 C242 F981  63B8 2214 083C F80E 4AF7

Universiteit van Tilburg | Postbus 90153, 5000 LE
Warandelaan 2 | Telefoon 013 466 4100 | G 236 | http://www.uvt.nl
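
Added example, not part of the original post: the grep above shows only the 257 (KSK) entry, so this sketch compares every key in a signconf against the active keys in `ods-ksmutil key list` output. The signconf sample is constructed: the `<Key>` wrapper elements and the ZSK entry with its all-zero placeholder locator are assumptions, while the KSK entry and the key list lines are the ones quoted in the post.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the KSK entry is the one quoted in the post; the <Key>
# wrapper and the ZSK entry (placeholder locator) are assumptions.
SIGNCONF = """<SignerConfiguration><Zone name="example.net"><Keys>
  <Key><Flags>257</Flags><Algorithm>7</Algorithm>
       <Locator>3c82d67b1b7b717055af9cbb3255e783</Locator></Key>
  <Key><Flags>256</Flags><Algorithm>7</Algorithm>
       <Locator>00000000000000000000000000000000</Locator></Key>
</Keys></Zone></SignerConfiguration>"""

# Key list output as quoted in the post.
KEY_LIST = """SQLite database set to: /var/lib/opendnssec/db/kasp.db
example.net  KSK  active  2011-11-29 14:35:10  3c82d67b1b7b717055af9cbb3255e783  SoftHSM  15858
example.net  ZSK  active  2011-01-25 13:53:58  d7983d5faeeb636f944b318bcc7b1a72  SoftHSM  19023
"""

FLAGS_TO_TYPE = {"257": "KSK", "256": "ZSK"}

def signconf_keys(xml_text):
    """Return {(type, locator)} for each element with Flags and Locator children."""
    keys = set()
    for elem in ET.fromstring(xml_text).iter():
        flags, loc = elem.findtext("Flags"), elem.findtext("Locator")
        if flags and loc:
            flags = flags.strip()
            keys.add((FLAGS_TO_TYPE.get(flags, flags), loc.strip().lower()))
    return keys

def active_keys(listing, zone):
    """Return {(type, locator)} for the active keys of `zone` in key list output."""
    keys = set()
    for line in listing.splitlines():
        f = line.split()
        # Columns: zone, type, state, date, time, locator, repository, keytag
        if len(f) >= 6 and f[0] == zone and f[2] == "active":
            keys.add((f[1], f[5].lower()))
    return keys

def compare(xml_text, listing, zone):
    """Return (active keys missing from the signconf, signconf keys not active)."""
    conf, active = signconf_keys(xml_text), active_keys(listing, zone)
    return sorted(active - conf), sorted(conf - active)

if __name__ == "__main__":
    missing, extra = compare(SIGNCONF, KEY_LIST, "example.net")
    for kind, loc in missing:
        print(f"active {kind} {loc} is not in the signconf")
    for kind, loc in extra:
        print(f"signconf {kind} {loc} is not active in the key list")
```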


