[Opendnssec-user] Key state not changing at "Date of next transition"

Arun N S arun at arunns.com
Sun May 8 11:14:41 UTC 2016


Thanks for the response.

On Wed, May 4, 2016 at 10:13 AM, Berry A.W. van Halderen <berry at nlnetlabs.nl
> wrote:

> On 05/04/2016 08:59 AM, Arun N S wrote:
> > Hi,
> >
> >  Trying to configure OpenDNSSEC with SoftHSM with automatic key
> > generation and roll over.
> >
> >  While querying the database for keys:
> > Zone:                           Keytype:      State:    Date of next
> > transition (to):  Size:   Algorithm:  CKA_ID:
> > Repository:                       Keytag:
> > example.com <http://example.com>               ZSK           active
> >  2016-05-04 10:40:56 (retire)   2048    8
> > 457a1480ae07d5a966d40338777e4b93  SoftHSM                           31461
> > example.com <http://example.com>               ZSK           generate
> >  (not scheduled)     (publish)  2048    8
> > 5ab3b8b52447860557e3b47c0c3b0ac8  SoftHSM                           23151
> > example.com <http://example.com>               KSK           publish
> > 2016-05-04 09:47:36 (ready)    2048    8
> > 2fcc6fb8591261b35d82b81f588b630d  SoftHSM                           45250
> >
> >  I can see that "Date of next transition" for KSK is at  2016-05-04
> > 09:47:36  to READY. Is it supposed to happen automatically?
>
> Yes, as long as the system is running transitions are performed
> automatically.  Except when it explicitly indicates so ("waiting
> for...").
>


The  "Date of next transition" is already passed and the key state did not
change until I stop and start ods-control.


>
> > The state did not change until I stop and start ods-control.
>
> How do you mean, the transition is scheduled for a future time (at least
> I guess your timezone).  Was the state different earlier or did
> it change state?
>

This is on a test lab with shorter roll over intervals, and the future time
has already reached, and the state did not change.


>
> \Berry
>
> > Thanks,
> > Arun
> >
> >
> >
> > _______________________________________________
> > Opendnssec-user mailing list
> > Opendnssec-user at lists.opendnssec.org
> > https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
> >
>
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20160508/0ebb4b62/attachment.htm>


More information about the Opendnssec-user mailing list