[Opendnssec-user] Zone signed by key in retire state

Arun Natarajan arun at arunns.com
Tue Sep 27 14:21:24 UTC 2016


 We have opendnssec setup to rollover ZSK every 3 months. And in the ODS
database it happened as expected , a new key was in PUBLISH state and later
on to ACTIVE. The old key was moved to retire state. But still, I see the
zone file is signed with the old key (currently in RETIRE state). Any ideas?

I guess if we clear the ods and run signer again it will work, but
wondering why it does not happen automatically?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20160927/4e575c7c/attachment.htm>

More information about the Opendnssec-user mailing list