[Opendnssec-user] Key state not changing at "Date of next transition"
Arun N S
arun at arunns.com
Sun May 8 11:14:41 UTC 2016
Thanks for the response.
On Wed, May 4, 2016 at 10:13 AM, Berry A.W. van Halderen <berry at nlnetlabs.nl
> On 05/04/2016 08:59 AM, Arun N S wrote:
> > Hi,
> > Trying to configure OpenDNSSEC with SoftHSM with automatic key
> > generation and roll over.
> > While querying the database for keys:
> > Zone: Keytype: State: Date of next
> > transition (to): Size: Algorithm: CKA_ID:
> > Repository: Keytag:
> > example.com <http://example.com> ZSK active
> > 2016-05-04 10:40:56 (retire) 2048 8
> > 457a1480ae07d5a966d40338777e4b93 SoftHSM 31461
> > example.com <http://example.com> ZSK generate
> > (not scheduled) (publish) 2048 8
> > 5ab3b8b52447860557e3b47c0c3b0ac8 SoftHSM 23151
> > example.com <http://example.com> KSK publish
> > 2016-05-04 09:47:36 (ready) 2048 8
> > 2fcc6fb8591261b35d82b81f588b630d SoftHSM 45250
> > I can see that "Date of next transition" for KSK is at 2016-05-04
> > 09:47:36 to READY. Is it supposed to happen automatically?
> Yes, as long as the system is running transitions are performed
> automatically. Except when it explicitly indicates so ("waiting
The "Date of next transition" is already passed and the key state did not
change until I stop and start ods-control.
> > The state did not change until I stop and start ods-control.
> How do you mean, the transition is scheduled for a future time (at least
> I guess your timezone). Was the state different earlier or did
> it change state?
This is on a test lab with shorter roll over intervals, and the future time
has already reached, and the state did not change.
> > Thanks,
> > Arun
> > _______________________________________________
> > Opendnssec-user mailing list
> > Opendnssec-user at lists.opendnssec.org
> > https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Opendnssec-user