[Opendnssec-user] DNSKEY will expire in 11.6381365740741 days (kskwarn is 12.0)
matthijs at nlnetlabs.nl
Tue Dec 10 11:16:59 UTC 2013
On 12/10/2013 11:55 AM, Volker Janzen wrote:
> Hi Matthijs,
>> - Increase the verbosity of the signer (ods-signer verbosity 5) and see
>> if there is something in the logs then
> okay, tried to add this to the init script.
>> - Get the queue: ods-signer queue
> Still this output:
> root at a:~# ods-signer queue
> It is now Tue Dec 10 11:52:48 2013
> I have 1 tasks scheduled.
> On Tue Dec 10 12:29:35 2013 I will [sign] zone dnssec.cc
>> - Check the nagios configuration and see if it matches the kasp.xml
>> validity and refresh values.
> I assume after three days something should happen. And I assume if
> something expires in less than 12 days, the Validity should have catched
> something and resign?
Because a pictures says more than a thousand words, I would like to
Thus nagios should complain when the signature expires in less than 3
days. Actually: less than 3 days minus the resign period so 3 days minus
More information about the Opendnssec-user