[Opendnssec-user] how does auditor calculate delays?
gilles.massen at restena.lu
Thu Jan 13 12:41:22 UTC 2011
I'm struggling to understand why auditor has been complaining: I had a
ZSK that was in use too long (because no further keys were generated).
So at that point I ussued a ksmutil key generate which worked perfectly.
After some time I saw then this:
ods-auditor: Key (24150) has gone to active use, but has only
been prepublished for 26946 seconds. Zone SOA ttl is 43200
Why is the SOA ttl considered for the check? DNSKEY TTL I'd understand,
As a certainly unwanted sideeffect, the auditor (or the calling process)
didn't like that situation at all, as the auditor started to go over the
affected zones over and over again (restarting immediately after each run).
Fondation RESTENA - DNS-LU
6, rue Coudenhove-Kalergi
tel: (+352) 424409
fax: (+352) 422473
More information about the Opendnssec-user