[Opendnssec-user] Migration to 2.0.1

Fred.Zwarts F.Zwarts at KVI.nl
Tue Aug 9 12:52:17 UTC 2016

Today I tried to migrate from ods 1.4.10 to 2.0.1 on our test system.
After the migration of the database and after adding the keytags I started 
ods the new ods and it seems to run.
The first thing I noticed is that there are now some keys in the state 
"waiting for ds-gone". I have the impression that these are our backup KSK 
keys. Is this normal? I found that there is now a command "ods-enforcer key 
ds-gone". This brings the keys to the state "retire". What is the idea 
behind this?

I further noticed that "ods-enforcer key list" lists the keys in a different 
order. Previously, all keys of a domain were listed together. Now I do not 
immediately see how they are sorted. It makes it a bit more difficult to see 
the state of a zone, but it can be easily worked around with the --zone 

Then I see that the output from "ods-enforcer backup list -v" is very 
different from what previously was shown with "ods-ksmutil backup list -v". 
The latter listed the backups with a date/time, but now I see a list of 
hexadecimal numbers. What does it mean?

Thanks for your attention,

More information about the Opendnssec-user mailing list