[Opendnssec-user] Date of next transition: now

Sebastian Wiesinger sebastian at karotte.org
Mon Apr 24 10:33:12 UTC 2017 

Hello,

after updating to 2.1.0 I noticed that my domains don't seem to
progress in their key states. Note the date of next transition showing
"now":

root at alita:~# ods-enforcer key list -z 6v6.de -v
Keys:
Zone:                           Keytype: State:    Date of next transition: Size: Algorithm: CKA_ID:                          Repository: KeyTag:
6v6.de                          KSK      active    now                      2048  8          3813788f2e3479c271bc5d0f9da79db9 SoftHSM     38981
6v6.de                          KSK      active    now                      2048  8          a2583a25560a47e34a48eb0c3dbbde62 SoftHSM     377
6v6.de                          ZSK      ready     now                      1024  8          20243a97f7aca09c3cd9b1fa3226315c SoftHSM     50554
6v6.de                          ZSK      retire    now                      1024  8          40f11fed90b3fa0308ebea5782306693 SoftHSM     33313
root at alita:~# ods-enforcer key list -z 6v6.de -v -d
Keys:
Zone:                           Key role:     DS:          DNSKEY:      RRSIGDNSKEY: RRSIG:       Pub: Act: Id:
6v6.de                          KSK           rumoured     omnipresent  omnipresent  NA           1    1    3813788f2e3479c271bc5d0f9da79db9
6v6.de                          KSK           omnipresent  omnipresent  omnipresent  NA           1    1    a2583a25560a47e34a48eb0c3dbbde62
6v6.de                          ZSK           NA           omnipresent  NA           rumoured     1    1    20243a97f7aca09c3cd9b1fa3226315c
6v6.de                          ZSK           NA           omnipresent  NA           unretentive  1    0    40f11fed90b3fa0308ebea5782306693

After restarting signer and enforcer this changes to:

root at alita:~# ods-enforcer key list -z 6v6.de -v 
Keys:
Zone:                           Keytype: State:    Date of next transition: Size: Algorithm: CKA_ID:                          Repository: KeyTag:
6v6.de                          KSK      active    2017-04-29 17:07:07      2048  8          3813788f2e3479c271bc5d0f9da79db9 SoftHSM     38981
6v6.de                          KSK      active    2017-04-29 17:07:07      2048  8          a2583a25560a47e34a48eb0c3dbbde62 SoftHSM     377
6v6.de                          ZSK      ready     2017-04-29 17:07:07      1024  8          20243a97f7aca09c3cd9b1fa3226315c SoftHSM     50554
6v6.de                          ZSK      retire    2017-04-29 17:07:07      1024  8          40f11fed90b3fa0308ebea5782306693 SoftHSM     33313
root at alita:~# ods-enforcer key list -z 6v6.de -v -d
Keys:
Zone:                           Key role:     DS:          DNSKEY:      RRSIGDNSKEY: RRSIG:       Pub: Act: Id:
6v6.de                          KSK           omnipresent  omnipresent  omnipresent  NA           1    1    3813788f2e3479c271bc5d0f9da79db9
6v6.de                          KSK           omnipresent  omnipresent  omnipresent  NA           1    1    a2583a25560a47e34a48eb0c3dbbde62
6v6.de                          ZSK           NA           omnipresent  NA           rumoured     1    1    20243a97f7aca09c3cd9b1fa3226315c
6v6.de                          ZSK           NA           omnipresent  NA           unretentive  1    0    40f11fed90b3fa0308ebea5782306693

So it seems that there is some sort of problem while transitioning
between states? Any idea what is going on?

Regards

Sebastian

-- 
GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A  9D82 58A2 D94A 93A0 B9CE)
'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE.
            -- Terry Pratchett, The Fifth Elephant

More information about the Opendnssec-user mailing list