[Opendnssec-user] ds-seen on a retired key: standby

Jan-Piet Mens jpmens.dns at gmail.com
Mon Nov 16 08:54:36 UTC 2015


> > I have since worked around this by ensuring that a ds-seen is
> > issued on an ACTIVE key only.)
> Should the key not be in ready or dssub state instead of the active
> state? Because if it is active, it is already in use.

READY of course, yes. This is the code:

        n=$(ods-ksmutil key list --verbose --keytype KSK --keystate READY --zone "${zone}" 2>/dev/null |
                grep 'waiting for ds-seen' |
                grep "${keytag}$" |
                wc -l)


More information about the Opendnssec-user mailing list