[Opendnssec-user] how does auditor calculate delays?

Gilles Massen gilles.massen at restena.lu
Thu Jan 13 12:41:22 UTC 2011


I'm struggling to understand why auditor has been complaining: I had a
ZSK that was in use too long (because no further keys were generated).
So at that point I ussued a ksmutil key generate which worked perfectly.
After some time I saw then this:

ods-auditor[20026]: Key (24150) has gone to active use, but has only
been prepublished for 26946 seconds. Zone SOA ttl is 43200

Why is the SOA ttl considered for the check? DNSKEY TTL I'd understand,
but SOA?

As a certainly unwanted sideeffect, the auditor (or the calling process)
didn't like that situation at all, as the auditor started to go over the
affected zones over and over again (restarting immediately after each run).


Fondation RESTENA - DNS-LU
6, rue Coudenhove-Kalergi
L-1359 Luxembourg
tel: (+352) 424409
fax: (+352) 422473

More information about the Opendnssec-user mailing list