[Opendnssec-user] ods-ksmutil key export --all not exporting key's
c.gielen at uvt.nl
Tue Nov 22 13:21:55 UTC 2016
Op 19-11-16 om 17:51 schreef (Berry) A.W. van Halderen:
> On Sat, Nov 19, 2016 at 03:12:46PM +0000, Bas van den Dikkenberg wrote:
>> For some kind of reason ods-enforcer key export -all doesn't export any thing:
>> root at scripting:~# ods-enforcer key export --all
>> key export completed in 0 seconds.
> Key export prints the keys that need to be submitted to the parent zone
> and are not ds-seen yet. So if it would say "waiting for ds-seen" your
> key export would also show you the DNSKEY record.
> Documentation could be clearer on this and the command line interface
> isn't always intuitive. We need to be careful on changing this though.
If you really want to see all the keys you will have to ask for them specifically:
for state in GENERATE PUBLISH READY ACTIVE RETIRE DEAD DSSUB DSPUBLISH DSREADY KEYPUBLISH;
ods-ksmutil key export --keystate $state
For monitoring purposes it's nice to be able the get all the keys available.
Casper Gielen <cgielen at uvt.nl> | LIS UNIX
PGP fingerprint = 16BD 2C9F 8156 C242 F981 63B8 2214 083C F80E 4AF7
Universiteit van Tilburg | Postbus 90153, 5000 LE
Warandelaan 2 | Telefoon 013 466 4100 | G 236 | http://www.uvt.nl
More information about the Opendnssec-user