[Opendnssec-user] opendnssec on Ubuntu 10.04 32bit

Bryton bryton at tznic.or.tz
Fri Jul 1 09:17:42 UTC 2011

Thanks Richard,

Now this means that if I want to sign the zone before the KSK is in the
ACTIVE state, it is not possible. Further to this, what can I do to make
the KSK move from Publish to Active as soon as possible? This is because
after checking the queue I have seen the below:

I have 1 tasks scheduled
It is now Fri Jul  1 12:13:51 2011
On Fri Jul  1 13:37:31 2011 I will sign zone tz

This means that I want the KSK to be ready before the time scheduled to
sign the zone.

Rickard Bellgrim wrote:
> On Fri, Jul 1, 2011 at 10:47 AM, Bryton<bryton at tznic.or.tz>  wrote:
>> 1: I have saved the zone I want to sign to the unsigned source as the configs
>> say and I was hoping ods-signer could sign it and I get the signed zone in
>> the signed directory, but I don't get anything. Further to this I decided to
>> do "ods-signer sign tz" and I got "Zone tz scheduled for immediate re-sign."
>> Why does it say immediately, when I went to the signed directory and nothing
>> is there?
> The Signer Engine will only read the zone once you give it the
> "ods-signer sign tz" command. So every time you edit the zone,
> remember to give this command.
> "ods-signer queue" will output what the Signer Engine is working with.
> If something failed or if the zone was badly formatted, then have a
> look in syslog.
>> 2: I hope now that all configs are OK to get the DS so that I can publish to
>> the parent. How do I get this?
> You can publish your DS once the KSK is in the ready state.
> You can get the key in three different ways:
> * See syslog
> * Configure DelegationSignerSubmitCommand
> * ods-ksmutil key export --zone tz --keystate ready --ds
>> 3: I did the below command and see the list below:
>> root@ubuntu-serv-dnssec:/var/lib# ods-ksmutil key list --verbose --zone tz
>> SQLite database set to: /var/lib/opendnssec/db/kasp.db
>> Keys:
>> Zone:  Keytype:  State:   Date of next transition:  CKA_ID:                           Repository:  Keytag:
>> tz     KSK       publish  2011-07-02 01:04:24       2861479296b2cb6ed0f884a479b5e99d  SoftHSM      40949
>> tz     ZSK       active   2011-07-31 11:04:24       880a44b2e853db6a26368ecdf292898d  SoftHSM      48528
>> What is the DATE OF NEXT TRANSITION? I was hoping it to be 2012-07-02 01:04:24
>> (meaning it's after 1 year for KSK). ZSK is OK I think.
> A key goes between different states.
> KSK: Publish ->  Ready ->  (submit ds and ds-seen) ->  Active
> At this time you will have 1 year until the next transition.
> // Rickard
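
Added example, not part of the original thread and not OpenDNSSEC's own code: a shell helper that reads `ods-ksmutil key list --verbose` output and reports, following the KSK lifecycle described above (Publish -> Ready -> ds-seen -> Active), whether the DS can be exported yet. The function names are hypothetical, and the sample rows are constructed by unwrapping the listing in the thread to one line per key.

```shell
#!/bin/sh
# Added example: decide the next operator step for a zone's KSK from
# `ods-ksmutil key list --verbose --zone <zone>` output read on stdin.

# Constructed sample: the two key rows from the thread, one line per key.
SAMPLE_KEYLIST='Keys:
Zone:  Keytype:  State:  Date of next transition:  CKA_ID:  Repository:  Keytag:
tz  KSK  publish  2011-07-02 01:04:24  2861479296b2cb6ed0f884a479b5e99d  SoftHSM  40949
tz  ZSK  active   2011-07-31 11:04:24  880a44b2e853db6a26368ecdf292898d  SoftHSM  48528'

# ksk_rows ZONE: print "state|next transition|keytag" for each KSK of ZONE.
# Trailing columns are counted from the end of the row, so a transition
# column holding text instead of a date and time does not shift the keytag.
ksk_rows() {
    awk -v zone="$1" '
        $1 == zone && $2 == "KSK" && NF >= 7 {
            when = ""
            for (i = 4; i <= NF - 3; i++) when = when (when == "" ? "" : " ") $i
            print $3 "|" when "|" $NF
        }'
}

# ksk_next_step ZONE: map each KSK state to the step described in the thread.
ksk_next_step() {
    ksk_rows "$1" | while IFS='|' read -r state when keytag; do
        case "$state" in
            publish) echo "keytag $keytag: wait, next transition due $when" ;;
            ready)   echo "keytag $keytag: run ods-ksmutil key export --zone $1 --keystate ready --ds" ;;
            active)  echo "keytag $keytag: DS already seen, nothing to submit" ;;
            *)       echo "keytag $keytag: state $state, no DS action" ;;
        esac
    done
}

# Stand-alone run on the constructed sample; on a live system pipe in
# the real `ods-ksmutil key list --verbose --zone tz` output instead.
printf '%s\n' "$SAMPLE_KEYLIST" | ksk_next_step tz
```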

