[Opendnssec-user] KSK rollover not working in time

Christoph.Malin at vtg.at Christoph.Malin at vtg.at
Tue Jul 15 14:26:42 UTC 2014


Hi,

I'm playing around with opendnssec. I added a zone to openddnssec and it was signed.
Then I changed the date of the Server to (12.07.2015)  a few dates before the KSK retires.

In the log file:
Rollover of KSK expected at 2015-07-15 18:20:53 for vtg.at

Also when I print the current keys:
vtg.at                          KSK           active    2015-07-15 18:20:53 (retire)

Then I changed the date to 2015-07-16. Suddenly a second KSK was here.
vtg.at                          KSK           ready     waiting for ds-seen (active)   2048

Why was the key not generated before the retire? I want that the key gets generated 10 days before he expires.
Otherwise the chain of trust is broken.

Can anybody help me?

Best regards,
Christoph

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20140715/656d83d6/attachment.htm>


More information about the Opendnssec-user mailing list