Re: [Opendnssec-user] NOTE: keys generated in repository SoftHSM willnot become active until they have been backed up
denethorr
denethorr at o2.pl
Mon Feb 27 13:09:05 UTC 2012
Rickard Bellgrim <rickard at opendnssec.org> wrote:
> The KSK will not become active until you have uploaded the DS RR and
> said ds-seen to the Enforcer. The first time you sign the zone, the
> KSK will sign the DNSKEY RRset.
This is obvious to me but why the KSK is in publish state?
ods-ksmutil key list
Keys:
Zone: Keytype: State: Date of next transition:
xxx.com ZSK active 2012-03-28 11:52:15
xxx.com KSK publish 2012-02-28 01:52:15
Best Regards,
Jan
More information about the Opendnssec-user
mailing list