[Opendnssec-user] ods-ksmutil key export --all not exporting key's

(Berry) A.W. van Halderen berry at nlnetlabs.nl
Sat Nov 19 16:51:35 UTC 2016 

On Sat, Nov 19, 2016 at 03:12:46PM +0000, Bas van den Dikkenberg wrote:
> For some kind of reason ods-enforcer key export -all doesn't export any thing:
> 
> root at scripting:~# ods-enforcer key export --all
> key export completed in 0 seconds.

Key export prints the keys that need to be submitted to the parent zone
and are not ds-seen yet. So if it would say "waiting for ds-seen" your
key export would also show you the DNSKEY record.

Documentation could be clearer on this and the command line interface
isn't always intuitive.  We need to be careful on changing this though.

\Berry

> If I do key list I see my keys:
> 
> root at scripting:~# ods-enforcer key list
> Keys:
> Zone:                           Keytype: State:    Date of next transition:
> hccregiodagen.nl                KSK      active    2016-11-19 17:57:43
> hccregiodagen.nl                ZSK      active    2016-11-19 17:57:43
> linuxthemadag.nl                KSK      active    2016-11-19 17:57:43
> linuxthemadag.nl                ZSK      active    2016-11-19 17:57:43
> software-freedom-day.nl         KSK      active    2016-11-19 17:57:43
> software-freedom-day.nl         ZSK      active    2016-11-19 17:57:43
> offline.hobby.nl                KSK      active    2016-11-19 17:01:03
> offline.hobby.nl                ZSK      active    2016-11-19 17:01:03
> test.local                      KSK      active    2016-11-19 19:42:42
> test.local                      ZSK      active    2016-11-19 19:42:42
> 231.72.212.in-addr.arpa         KSK      active    2016-11-19 17:06:03
> 231.72.212.in-addr.arpa         ZSK      active    2016-11-19 17:06:03
> 230.72.212.in-addr.arpa         KSK      active    2016-11-19 17:06:03
> 230.72.212.in-addr.arpa         ZSK      active    2016-11-19 17:06:03
> 228.72.212.in-addr.arpa         KSK      active    2016-11-19 17:06:03
> 228.72.212.in-addr.arpa         ZSK      active    2016-11-19 17:06:03
> 226.72.212.in-addr.arpa         KSK      active    2016-11-19 17:06:03
> 226.72.212.in-addr.arpa         ZSK      active    2016-11-19 17:06:03
> 225.72.212.in-addr.arpa         KSK      active    2016-11-19 17:06:03
> 225.72.212.in-addr.arpa         ZSK      active    2016-11-19 17:06:03
> key list completed in 0 seconds.
> root at scripting:~#
> 
> 
> What am I doing wrong ?
> 
> Bas
> 

> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user


-- 
N: (Berry) A.W. van Halderen
E: berry at nlnetlabs.nl
O: NLnet Labs
W: http://www.nlnetlabs.nl/

More information about the Opendnssec-user mailing list