[Opendnssec-user] NOTE: keys generated in repository SoftHSM willnot become active until they have been backed up
Rickard Bellgrim
rickard at opendnssec.org
Mon Feb 27 13:14:53 UTC 2012
>> The KSK will not become active until you have uploaded the DS RR and
>> said ds-seen to the Enforcer. The first time you sign the zone, the
>> KSK will sign the DNSKEY RRset.
>
> This is obvious to me but why the KSK is in publish state?
This may explain it:
https://wiki.opendnssec.org/display/DOCS/Key+States
KSK Publish = Sign the RRset
KSK Ready = The data has propagated
KSK Active = You have uploaded the DS RR.
// Rickard
More information about the Opendnssec-user
mailing list