[Opendnssec-user] termination of obs2 DelegationSignerSubmitCommand input stream missing?

PGNet Dev pgnet.dev at gmail.com
Wed Dec 21 14:57:51 UTC 2016 

>> The email should have been sent at an earlier stage. Internally DS
>> records have these states:
>>
>> * unsubmitted
>> * submit
>> * submitted (waiting for ds-seen)
>> * seen
>> * retract
>> * retracted
>>
>> The transition between submit and submitted should go automatically when
>> you have a DelegationSignerSubmitCommand specified. Like you have.
>>

trying to follow/understand keystates

delete & re-add

	ods-enforcer zone delete --all
	ods-enforcer zone add -z example.info -p lab

check current time

	date
		Wed Dec 21 06:41:33 PST 2016

note the current, reported key state ... 'publish'

	ods-enforcer key list --verbose
		Keys:
		Zone:                           Keytype: State:    Date of next transition: Size: Algorithm: CKA_ID:                          Repository: KeyTag:
		example.info                    KSK      publish   2016-12-21 06:45:01      2048  8          acec57818bc81329aff8b50d1b368c37 SoftHSM     31180
		example.info                    ZSK      ready     2016-12-21 06:45:01      1024  8          93d581dac130c9ff795c246698511e97 SoftHSM     4800

wait until after "Date of next transition"

	date
		Wed Dec 21 06:46:58 PST 2016

key state has NOT changed after 'next transition'; not sure what SHOULD have shown ...

	ods-enforcer key list --verbose
		Keys:
		Zone:                           Keytype: State:    Date of next transition: Size: Algorithm: CKA_ID:                          Repository: KeyTag:
		example.info                    KSK      publish   2016-12-21 06:51:01      2048  8          acec57818bc81329aff8b50d1b368c37 SoftHSM     31180
		example.info                    ZSK      ready     2016-12-21 06:51:01      1024  8          93d581dac130c9ff795c246698511e97 SoftHSM     4800

eventually, simply waiting longer

	date
		Wed Dec 21 06:53:29 PST 2016

	ods-enforcer key list --verbose
		Keys:
		Zone:                           Keytype: State:    Date of next transition: Size: Algorithm: CKA_ID:                          Repository: KeyTag:
		example.info                    KSK      ready     waiting for ds-seen      2048  8          acec57818bc81329aff8b50d1b368c37 SoftHSM     31180
		example.info                    ZSK      active    2016-12-21 10:35:01      1024  8          93d581dac130c9ff795c246698511e97 SoftHSM     4800

still no "keystate_ds_x_cmd" in logs, and no email sent

More information about the Opendnssec-user mailing list