[Opendnssec-user] ods-ksmutil key export --all not exporting key's

Casper Gielen c.gielen at uvt.nl
Tue Nov 22 13:21:55 UTC 2016


On 19-11-16 at 17:51, (Berry) A.W. van Halderen wrote:
> On Sat, Nov 19, 2016 at 03:12:46PM +0000, Bas van den Dikkenberg wrote:
>> For some kind of reason ods-enforcer key export -all doesn't export anything:
>>
>> root at scripting:~# ods-enforcer key export --all
>> key export completed in 0 seconds.
> 
> Key export prints the keys that need to be submitted to the parent zone
> and are not ds-seen yet. So if it would say "waiting for ds-seen" your
> key export would also show you the DNSKEY record.
> 
> Documentation could be clearer on this and the command line interface
> isn't always intuitive.  We need to be careful on changing this though.


If you really want to see all the keys you will have to ask for them specifically:

for state in GENERATE PUBLISH READY ACTIVE RETIRE DEAD DSSUB DSPUBLISH DSREADY KEYPUBLISH;
do
	ods-ksmutil key export --keystate $state
done

For monitoring purposes it's nice to be able to get all the keys available.
-- 
Casper Gielen <cgielen at uvt.nl> | LIS UNIX
PGP fingerprint = 16BD 2C9F 8156 C242 F981  63B8 2214 083C F80E 4AF7

Universiteit van Tilburg | Postbus 90153, 5000 LE
Warandelaan 2 | Telefoon 013 466 4100 | G 236 | http://www.uvt.nl




