[Opendnssec-user] Auditor Problem (ods 1.3.9)
klaus.mailinglists at pernau.at
Fri Jun 28 15:06:34 CEST 2013
For testing I created a policy with rather short intervals (see below).
I now have the problem, that I have to disable the auditor as it complains:
ods-auditor: test : Key (6670) has gone straight to active use
without a prepublished phase
Of course this is not true. There was a publish phase, but it transits
from "ready" to "active" without waiting (I think this should be allowed).
I inspected the key events in the sqlite DB:
So, the key was in PUBLISH phase for 100 seconds. I use short TTLs
(60s), thus this should be fine.
Is this a bug in the auditor or do I miss something here?
Inspecting the zone I see that every RR in the zone has a TTL of 60,
except the NSEC3PARAM and its RRSIG do have a TTL of 3600?
Where is this TTL coming from? May this be the source of my problems?
<!-- <OptOut/> -->
<!-- Parameters for both KSK and ZSK -->
<!-- <ShareKeys/> -->
<!-- <Purge>PT20M</Purge> -->
<!-- Parameters for KSK only -->
<!-- Parameters for ZSK only -->
<!-- <ManualRollover/> -->
More information about the Opendnssec-user