[Opendnssec-user] Different TTL used in full and partial audit.

Alex Dalitz AlexD at nominet.org.uk
Wed Jan 11 12:12:24 UTC 2012


Hi - 

On 11 Jan 2012, at 09:52, Göran Bengtson wrote:

> The call to key_tracker.process_key_data have different parameters
> in auditor.rb and partial_auditor.rb. If I remember correct, there was
> a bug-fix that corrected the TTL used to verify key usage/state-
> transitions. Howver, I don't think the fix made it info the partial
> auditor.
> 
> In the 1.3-branch:
> 
> fgrep process_key_data  auditor/lib/kasp_auditor/*auditor.rb
> auditor/lib/kasp_auditor/auditor.rb:        @key_tracker.process_key_data(@keys, @keys_used, @soa.serial, @config.keys.ttl)
> auditor/lib/kasp_auditor/partial_auditor.rb:      @key_tracker.process_key_data(@keys, @keys_used, @soa.serial, @config.soa.ttl)
> 
> The partial auditor still use the SOA TTL, not the DNSKEY TTL.

Thanks very much for pointing this out! This has now been fixed in svn r6053, which will make it into the 1.3.5 release.

Thanks,


Alex.


More information about the Opendnssec-user mailing list