[Opendnssec-user] opendnssec on Ubuntu 10.04 32bit

Rickard Bellgrim rickard at opendnssec.org
Fri Jul 1 08:57:12 UTC 2011


On Fri, Jul 1, 2011 at 10:47 AM, Bryton <bryton at tznic.or.tz> wrote:
> 1: I have saved the zone I want to sign to the unsigned source as the configs
> say and I was hoping ods-signer could sign it and I get the signed zone in
> the signed directory but I don't get anything. Further to this I decided to
> do "ods-signer sign tz" and I got "Zone tz scheduled for immediate re-sign".
> Why does it say immediately? I went to the signed directory and there is
> nothing there.

The Signer Engine will only read the zone once you give it the
"ods-signer sign tz" command. So every time you edit the zone,
remember to give this command.

"ods-signer queue" will output what the Signer Engine is working with.
If something failed or if the zone was badly formatted, then have a
look in syslog.

> 2: I hope now that all configs are OK to get the DS so that I can publish to
> the parent. How do I get this?

You can publish your DS once the KSK is in the ready state.

You can get the key in three different ways:
* See syslog
* Configure DelegationSignerSubmitCommand
* ods-ksmutil key export --zone tz --keystate ready --ds

> 3: I ran the command below and see the list below:
>
> root@ubuntu-serv-dnssec:/var/lib# ods-ksmutil key list --verbose --zone tz
> SQLite database set to: /var/lib/opendnssec/db/kasp.db
> Keys:
> Zone:  Keytype:  State:    Date of next transition:  CKA_ID:                           Repository:  Keytag:
> tz     KSK       publish   2011-07-02 01:04:24       2861479296b2cb6ed0f884a479b5e99d  SoftHSM      40949
> tz     ZSK       active    2011-07-31 11:04:24       880a44b2e853db6a26368ecdf292898d  SoftHSM      48528
>
>
> What is the DATE OF NEXT TRANSITION? I was hoping it to be 2012-07-02 01:04:24
> (meaning it's after 1 year for KSK). ZSK is OK I think.

A key goes between different states.

KSK: Publish -> Ready -> (submit ds and ds-seen) -> Active

At this time you will have 1 year until the next transition.

// Rickard
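
The check described in the reply (export the DS only once the KSK is in the ready state), as an added example that is not part of the original message or of OpenDNSSEC. The function names and the sample listings are constructed here; the parser assumes `ods-ksmutil key list --verbose` prints one key per line with zone, keytype and state first and the keytag last.

```shell
#!/bin/sh
# Added example: gate DS export on the KSK state reported by ods-ksmutil.

# Print "<state> <keytag>" for every KSK row of zone $1 read from stdin.
# Assumes one key per line: zone, keytype, state first and keytag last.
ksk_states() {
    awk -v zone="$1" '$1 == zone && $2 == "KSK" { print $3, $NF }'
}

# Print the keytag of the first KSK in state "ready"; non-zero exit if none.
ksk_ready_tag() {
    ksk_states "$1" |
        awk '$1 == "ready" { print $2; found = 1; exit } END { exit !found }'
}

# Export the DS only when a KSK is ready (this one runs the real ods-ksmutil).
export_ds_when_ready() {
    if tag=$(ods-ksmutil key list --verbose --zone "$1" | ksk_ready_tag "$1"); then
        echo "KSK with keytag $tag is ready, DS for the parent:" >&2
        ods-ksmutil key export --zone "$1" --keystate ready --ds
    else
        echo "no KSK of zone $1 is in the ready state yet" >&2
        return 1
    fi
}

# Constructed sample: the listing from the thread, one key per line.
sample_publish() {
    cat <<'EOF'
Keys:
Zone:  Keytype:  State:  Date of next transition:  CKA_ID:  Repository:  Keytag:
tz  KSK  publish  2011-07-02 01:04:24  2861479296b2cb6ed0f884a479b5e99d  SoftHSM  40949
tz  ZSK  active  2011-07-31 11:04:24  880a44b2e853db6a26368ecdf292898d  SoftHSM  48528
EOF
}

# Constructed sample: the same keys after the KSK has moved to "ready".
sample_ready() { sample_publish | sed 's/KSK  publish/KSK  ready/'; }

# Demo on the constructed samples only; nothing here touches a real KASP database.
sample_publish | ksk_states tz   # publish 40949
sample_ready | ksk_states tz     # ready 40949
```

On a signer host, `export_ds_when_ready tz` prints the DS record on stdout only when a KSK for the zone is ready, and returns non-zero otherwise.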


