[Opendnssec-user] termination of obs2 DelegationSignerSubmitCommand input stream missing?
Yuri Schaeffer
yuri at nlnetlabs.nl
Wed Dec 21 10:12:42 UTC 2016
> after a bit of digging, seems !ods-ksmutil, but ods-enforcer is to be used (would be helpful if DOCS reflected that)
Whoops, I'll update the 2.0 documentation. There where multiple
erroneous mentions of ods-ksmutil.
> /usr/local/opendnssec/sbin/ods-enforcer key ds-seen -z example.info -x 56995
> 1 KSK matches found.
> 1 KSKs changed.
>
> now,
>
> /usr/local/opendnssec/sbin/ods-enforcer key list --verbose
> Keys:
> Zone: Keytype: State: Date of next transition: Size: Algorithm: CKA_ID: Repository: KeyTag:
> example.info KSK active 2016-12-19 17:25:55 2048 8 690c90a78f1ba38fcbf76f248a4fe47e SoftHSM 56995
> example.info ZSK active 2016-12-19 17:25:55 1024 8 0c60caf105ce9edef9048b19eed84db9 SoftHSM 6126
>
> So a state change, but still no email sent.
> Is there another step, or different action, needed?
The email should have been sent at an earlier stage. Internally DS
records have these states:
* unsubmitted
* submit
* submitted (waiting for ds-seen)
* seen
* retract
* retracted
The transition between submit and submitted should go automatically when
you have a DelegationSignerSubmitCommand specified. Like you have.
In case the enforcer logged an error it should prepend it with
'keystate_ds_x_cmd'. So please grep your logs for that.
//Yuri
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: OpenPGP digital signature
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20161221/d130c4df/attachment.bin>
More information about the Opendnssec-user
mailing list