[Opendnssec-user] ds-seen on a retired key: standby

[Jan-Piet Mens]

Matthijs,

> > I have since worked around this by ensuring that a ds-seen is
> > issued on an ACTIVE key only.)
> 
> Should the key not be in ready or dssub state instead of the active
> state? Because if it is active, it is already in use.

READY of course, yes. This is the code:

        n=$(ods-ksmutil key list --verbose --keytype KSK --keystate READY --zone "${zone}" 2>/dev/null |
                grep 'waiting for ds-seen' |
                grep "${keytag}$" |
                wc -l)

        -JP