[Opendnssec-user] why is zone not really ready?
Randy Bush
randy at psg.com
Tue Dec 29 04:09:57 UTC 2015
opendnssec-1.4.8.2 on freebsd
new zone added to zonelist and ods-ksmutil update zonelist run
rip.psg.com:/root# ods-signer sign flybynighttravel.com
Zone flybynighttravel.com scheduled for immediate re-sign.
rip.psg.com:/root# ods-ksmutil key list --verbose | grep fly
SQLite database set to: /usr/local/var/opendnssec/kasp.db
flybynighttravel.com ZSK active 2016-03-27 23:16:57 (retire) 2048 8 7535d3d45ecdb9f10981891956335426 SoftHSM 14839
flybynighttravel.com KSK publish 2015-12-29 02:16:57 (ready) 2048 8 cee8c0cf0f26d75db36987b07727124c SoftHSM 33902
rip.psg.com:/root# ods-ksmutil key export --zone flybynighttravel.com --ds --keystate READY
No keys in ready state to export.
rip.psg.com:/root# ods-ksmutil key export --zone flybynighttravel.com --keystate READY
No keys in ready state to export.
and why is the zsk in retire state? this is a newly added zone.
the zone file looks to be signed
rip.psg.com:/usr/local/etc/opendnssec# head /usr/home/dns/primary/com.flybynighttravel
flybynighttravel.com. 3600 IN SOA rip.psg.com. hostmaster.psg.com. 1451351150 86400 3600 2592000 3600
flybynighttravel.com. 3600 IN RRSIG SOA 8 2 3600 20160111193034 20151229000550 14839 flybynighttravel.com. aCgNL/CTYZ4mF6HQ3Jadric/VqJjmqmAodf77cx0Fo6SGi5XBIpeBwDWHgIVWv5PiH5e+DpLtUgaU4RrdlRX+AgbVtM8o9PO/oWnGNwB+J+t277WQTJDTpR7jY07zOqQiMit4k95v8vKEDZlCNOVIMvpeYccqKmU5oiHpjEGva6uUonMy5bqICsKn9cDqin4rgxASmWObSKONfH+5EFsSql8Bey1GOtS13msMnbj50Ce0OUSHIxwNSmT7L/5xxscgL+rrNZ/eI1+0RFmTXX7tNaAwRwyfd4tw8ICtnufYLP4B7kVY5Gt7v3JywzNineI6kOunYqc7D+16e096mLXAQ==
flybynighttravel.com. 3600 IN DNSKEY 257 3 8 AwEAAbSh9C8yniwW3rbYQkFq+cu6ALstz8C+PKeU01ZQ1EiZ17lLUFPJIkcVZ773+xyiaIM/Wo2ipFYqn8R1z03kOISQzAUuyoA22cuowFEyuJxV+g+tNzKyjPSDyoW4MlPoMHvcTcGHeUrqpQUz34Dt3qkhuNUPC3KDm+EgM7Gu5pkqF2s3VrCQdtPqia26lgL5hkoU+9gL/nCorPk/he8BVrPZg93fIogaX0bkK1QGC2LdKeapUb+N6yVP+wSQawYZtiEghFGqYCtdYM9KJl163LCGrd7H9G+dSWkS7ZK/yBZhElS6PYFwziQwTtDe4FtxDXjBv86hi3A8IlfkPlcvZYM= ;{id = 33902 (ksk), size = 2048b}
flybynighttravel.com. 3600 IN DNSKEY 256 3 8 AwEAAdujbyongMNHEAfcOXn385vlIKMbH33BLOqVJWWci+j85X30NCkeeeJj7616dMTy3NI/Z5gx5uKZlb60mU3jFBGGaZyuGI2MwBrvqqSDgUgDQwND3dGmyvp3PFUM4oXVeqLMpEzubRV0CZxLXW78PHSc0qaSSJDC453XNFpWXfOfGYLAhMlPKvGbSgK3t/AdQGT4Nb//TyZsRbaopRSB8CZ3+yBWbKOA8H+oF3oVKtXQ1CEFZq0AVOSVQPLA+j2w5qvXCkY0mLoCcTM/COaCXZVdlyWLcDFsFJtVDrYTlDFAYQBmjUJCqV4DXcpxFKMzPr2M4s1K9OGZt1zQLQj649M= ;{id = 14839 (zsk), size = 2048b}
flybynighttravel.com. 3600 IN RRSIG DNSKEY 8 2 3600 20160112082409 20151228221659 33902 flybynighttravel.com. CFjzoXuMu1fkhp+VNwVP2Y9sO1SyWJ8WJRXEXKBWsmD2TdPnox8Qgh/Sl6iVUPmu+zeF86acmb/isD3JQjYgT3pYBAbzJ+8cJN5rkYfWz56m8P5ER2OwKKypq9K0ZjAmPdFhNB0VNhv+Mkm7h9s3Fjn4yqUv0ejB39OJQBfw1aywZOqyqYKJ5AiwZV/msUzfOk0AmIsVxWW53ukBQS0X9lt98qkEyic3BIke1awuwrl0qYXcx5DO3HRH7emTIwXAJkzIY5xxFsHYajRvK1ROhOr4s7fFZ1wKIg9D1JGJJozcFGpSHnNM4vrAD6C3Da4OYrMXe4mk3HyZKzNew+AfRA==
flybynighttravel.com. 14400 IN NS rip.psg.com.
flybynighttravel.com. 14400 IN NS ns0.rem.com.
flybynighttravel.com. 14400 IN NS nlns.globnix.net.
flybynighttravel.com. 14400 IN RRSIG NS 8 2 14400 20160111120838 20151228221659 14839 flybynighttravel.com. ndTRkDVAbFADPONZCo29TGvYzVJ/GjAvtwgHBOWGams9oosxjAJZ7AG+vg8dv1GadAN1U6Qf8r7JjSmKeQRJ6oGmkFpMQrsUvBIh17KpCxmVqDuR6IwWwxEl+5hJNXwSvEHaOqQP8BvlT1OBVeQc7NrS3Gwsc9D6Kja4MezP1gvMlAMF3nawIzF7CpeGdnvWPlWxz8IkwW2MmFklLF4j5W5rlJ+KpocvLO0UkpemfJbST1JC/SdckYMXQOE2vLSQ2magLgx/Tyum8TBYMuxM5ZgdRdUHMPo96iL5TYICu5ibo3iL+5NRIP/v5Mft2ONPuSopplKLDNYUxcdVt6Au8Q==
flybynighttravel.com. 14400 IN MX 10 psg.com.
rip.psg.com:/usr/local/etc/opendnssec#
randy
_______________________________________________
Opendnssec-user mailing list
Opendnssec-user at lists.opendnssec.org
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
More information about the Opendnssec-user
mailing list