[Opendnssec-user] ds-seen on a retired key: standby
Jan-Piet Mens
jpmens.dns at gmail.com
Mon Nov 16 08:54:36 UTC 2015
Matthijs,
> > I have since worked around this by ensuring that a ds-seen is
> > issued on an ACTIVE key only.)
>
> Should the key not be in ready or dssub state instead of the active
> state? Because if it is active, it is already in use.
READY of course, yes. This is the code:
n=$(ods-ksmutil key list --verbose --keytype KSK --keystate READY --zone "${zone}" 2>/dev/null |
grep 'waiting for ds-seen' |
grep "${keytag}$" |
wc -l)
-JP
More information about the Opendnssec-user
mailing list