[Opendnssec-user] termination of obs2 DelegationSignerSubmitCommand input stream missing?

Havard Eidnes he at uninett.no
Wed Dec 21 15:19:24 UTC 2016

>>> In case the enforcer logged an error it should prepend it with
>>> 'keystate_ds_x_cmd'. So please grep your logs for that.
>> I've something amiss re state mgmt.
>> at verbosity = 6, on exec
>> 	/usr/local/opendnssec/sbin/ods-enforcer zone add -z example.info -p lab
>> there's no such log entry,
> Again, after zone add the DS doesn't get submitted immediately.
> OpenDNSSEC should first have to make sure the keys and signatures are
> sufficiently propagated. You'll have to wait for the "waiting for
> ds-seen" state.

If I recall correctly, with OpenDNSSEC 1.4, I think you also had to
wait for the keys in the (Soft)HSM database to be marked as being
"backed up" in order for the keys to proceed to the state before
"waiting for ds-seen", which I think is "publish", not sure what the
state before that is called.  Not sure if that's the case with
OpenDNSSEC 2.0, though; I've not dared venture into that quite yet.


- Håvard

More information about the Opendnssec-user mailing list