[Opendnssec-user] Key States after migrating from 1.4.10 to 2.1.0

Fri Apr 21 11:25:41 UTC 2017

Hello,

I just finished migrating from 1.4.10 to 2.1.0 and everything appears
to be running. The only thing I noticed is an extra KSK appearing:

root at alita:/etc/opendnssec# ods-enforcer rollover list -z dnssec-test.intern
Keys:
Zone:                           Keytype: Rollover expected:
dnssec-test.intern              KSK      No roll scheduled
dnssec-test.intern              KSK      No roll scheduled
dnssec-test.intern              ZSK      2017-04-29 17:07:07
dnssec-test.intern              ZSK      2017-04-29 17:07:07
root at alita:/etc/opendnssec# ods-enforcer key list -z dnssec-test.intern -d
Keys:
Zone:                           Key role:     DS:          DNSKEY:      RRSIGDNSKEY: RRSIG:       Pub: Act: Id:
dnssec-test.intern              KSK           rumoured     omnipresent  omnipresent  NA           1    1    e79f3f37b8a9e76c6b63fd273daadb31
dnssec-test.intern              KSK           omnipresent  omnipresent  omnipresent  NA           1    1    66c43087a1ae1989a17d2133de599e26
dnssec-test.intern              ZSK           NA           omnipresent  NA           rumoured     1    1    29099c0d3024b7fa908cd27576aabd2d
dnssec-test.intern              ZSK           NA           omnipresent  NA           unretentive  1    0    eb6252b8fb97e2c39f27514216cfb645

So I have an extra KSK in state rumoured with no key roll scheduled but active
in the zone. Is this to be expected?

Regards

Sebastian

-- 
GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A  9D82 58A2 D94A 93A0 B9CE)
'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE.
            -- Terry Pratchett, The Fifth Elephant