[Opendnssec-user] Key has gone straight to active use ..

Sander Smeenk ssmeenk at freshdot.net
Fri May 18 13:34:05 UTC 2012


i'm experiencing the 'key (NNN) has gone straight to active use without
a prepublished phase' error from the ods-auditor.

While i totally agree on not automatically publishing such zones, there
seems not to be any way to tell ODS that this key pair is actually valid
and it should 'just accept' that the key has 'gone straight to active
use' because 'i told you so'.

Am i missing an option or a binary?

Disabling the auditor in the configuration or hacking XML-files just
so the signing finishes correctly is not what i consider a nice fix
for these situations.


I think what happend to this zone is; it's DS was published
automatically just before the NL-zone reloads. The automated 'is DS
available for $domain in ds-seen state'-checker i wrote found the DS
active only 15 minutes after it being published and marked the key
active, way before ODS expected that to happen(??).

It's hard to tell what timing value actually deals with this.

Could my theory be valid?

With regards,
| If cats and dogs didn't have fur would we still pet them?
| 4096R/20CC6CD2 - 6D40 1A20 B9AA 87D4 84C7  FBD6 F3A9 9442 20CC 6CD2

More information about the Opendnssec-user mailing list