[Opendnssec-user] Date of next transition in the past.

Fred.Zwarts F.Zwarts at KVI.nl
Fri Aug 12 07:33:19 UTC 2016 

Bij stopping en starting ods, the dates shown are now in the future:

# ods-enforcer key list --zone 37.125.129.in-addr.arpa
Keys:
Zone:                           Keytype: State:    Date of next transition:
37.125.129.in-addr.arpa         KSK      retire    2016-08-13 14:33:34
37.125.129.in-addr.arpa         KSK      active    2016-08-13 14:33:34
37.125.129.in-addr.arpa         ZSK      retire    2016-08-13 14:33:34
37.125.129.in-addr.arpa         ZSK      active    2016-08-13 14:33:34
37.125.129.in-addr.arpa         ZSK      ready     2016-08-13 14:33:34
key list completed in 0 seconds.
# ods-enforcer queue
There are 2 tasks scheduled.
It is now Fri Aug 12 09:31:01 2016 (1470987061 seconds since epoch)
Next task scheduled Fri Aug 12 16:33:10 2016 (1471012390 seconds since 
epoch)
On Fri Aug 12 16:33:10 2016 I will [enforce] KVI.nl
On Fri Nov 18 11:10:04 2016 I will [resalt] policies
queue completed in 0 seconds.
#

This suggests that the dates are only updated at startup.

Fred.Zwarts.

"Yuri Schaeffer"  schreef in bericht 
news:fa5bd541-5887-e339-3932-61dfc6b50bbe at nlnetlabs.nl...

> Today I noticed something else on our test system with ods 2.0.1:
>
> # date
> Thu Aug 11 15:48:31 CEST 2016
> # ods-enforcer key list --zone 37.125.129.in-addr.arpa
> Keys:
> Zone:                           Keytype: State:    Date of next 
> transition:
> 37.125.129.in-addr.arpa         KSK      retire    2016-08-11 04:53:24
> 37.125.129.in-addr.arpa         KSK      active    2016-08-11 04:53:24
> 37.125.129.in-addr.arpa         ZSK      retire    2016-08-11 04:53:24
> 37.125.129.in-addr.arpa         ZSK      active    2016-08-11 04:53:24
> 37.125.129.in-addr.arpa         ZSK      ready     2016-08-11 04:53:24
> key list completed in 0 seconds.
> #
>
> Should it worry me that all dates-times are in the past?

Not necessarily. That date of next transition is for displaying purposes
only. To be able to print something that is like ODS 1.4.

Though it is unexpected. Could you check the output of
ods-enforcer queue

It should be the time the zone is enforced again by the way. Not
specifically the key. So all having the same time is normal.

//Yuri







_______________________________________________
Opendnssec-user mailing list
Opendnssec-user at lists.opendnssec.org
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user

More information about the Opendnssec-user mailing list