[Opendnssec-user] Auditor Problem (ods 1.3.9)

Klaus Darilion klaus.mailinglists at pernau.at
Fri Jun 28 13:06:34 UTC 2013


For testing I created a policy with rather short intervals (see below).

I now have the problem that I have to disable the auditor, as it complains:

ods-auditor[2778]: test : Key (6670) has gone straight to active use without a prepublished phase

Of course this is not true. There was a publish phase, but it transitions 
from "ready" to "active" without waiting (I think this should be allowed).

I inspected the key events in the sqlite DB:

'2013-06-28 14:43:12',
     '2013-06-28 14:44:52',
         '2013-06-28 14:44:52',
            '2013-06-28 15:14:52',NULL

So, the key was in the PUBLISH phase for 100 seconds. I use short TTLs 
(60s), thus this should be fine.

Is this a bug in the auditor, or am I missing something here?

Inspecting the zone, I see that every RR in the zone has a TTL of 60, 
except that the NSEC3PARAM and its RRSIG have a TTL of 3600?

Where is this TTL coming from? Could this be the source of my problems?



                                 <!-- <OptOut/> -->
                                         <Salt length="8"/>
                         <!-- Parameters for both KSK and ZSK -->
                         <!-- <ShareKeys/> -->
                         <!-- <Purge>PT20M</Purge> -->

                         <!-- Parameters for KSK only -->
                                 <Algorithm length="2048">8</Algorithm>

                         <!-- Parameters for ZSK only -->
                                 <Algorithm length="1024">8</Algorithm>
                                 <!-- <ManualRollover/> -->

