[Opendnssec-user] key export in ods 2.0.1

Yuri Schaeffer yuri at nlnetlabs.nl
Wed Aug 10 15:38:01 UTC 2016

On 10-08-16 15:13, Fred.Zwarts wrote:
> Thanks, this helps a bit.
> But "dead", "unknown" and "mixed" still result in "unknown keystate,
> Error parsing arguments" when used to export keys.

Ah yes, I was reading the wrong piece of code. There is some more code 
that applies a filter on the input arguments. That code accepts.

generate, publish, ready, active, retire, revoke

> What should I use to export keys in the states "waiting for ds-seen" and
> "waiting for ds-gone"?
> (These are the ones (with the -ds option) that are needed during
> roll-overs to update the parent zone.)

As far as I can tell nothing particular. A key in those states should 
show up when you do

key export -z <zone>

Doesn't this work for you?

 > Thanks for your patience.

Not at all. We are happy to receive feedback so we know which parts need 
our attention most. Which at the moment is probably documentation.


> Fred.Zwarts.
> "Yuri Schaeffer"  schreef in bericht
> news:37170e1f-d553-1db6-545c-ac2fc7002c62 at nlnetlabs.nl...
>> So, to get the export the --keystate option of ods-enforcer must be
>> used. I could not find in the documentation how the different keystates
>> can be specified. I see that "retire" and "active" are accepted, but
>> "ds-seen", or "waiting for ds-seen" result in "unknown keystate, Error
>> parsing arguments". Where can I find a list of acceptable keystates?
> I made an issue for us to fix this code and documentation. For now, the
> code defines the following states:
> "generate", "publish", "ready", "active", "retire", "dead", "unknown",
> "mixed"
> //Yuri
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user

More information about the Opendnssec-user mailing list