[Opendnssec-user] KSK Retirement log messages from ods-enforcerd
Marc Richter
marc.richter at de.verizon.com
Thu Jan 26 12:58:43 UTC 2017
Hi,
for a test zone we have not done a KSK rollover for some time:
Keys:
Zone: Keytype: State: Date of next
transition:
uutest.com KSK dssub waiting for ds-seen
uutest.com KSK active 2016-07-25 10:23:48
uutest.com KSK ready waiting for ds-seen
uutest.com ZSK retire 2017-01-28 22:32:54
uutest.com ZSK active 2017-02-05 19:32:54
uutest.com ZSK ready next rollover
Now, when ods-enforcerd runs it logs the following:
Jan 26 12:18:49 ods-enforcerd: Rollover of KSK expected at 2016-07-25
10:23:48 for uutest.com
Which seems kind of strange to me, as that rollover date is well in the
past.
According to
https://wiki.opendnssec.org/display/DOCS/Troubleshooting
the above log message means:
This is not an error, but a notification of an upcoming
(scheduled) rollover.
As it is not an upcoming, but a missed rollover (as the "Date of next
transition" has long passed), shouldn't it log the
ods-enforcerd: WARNING: KSK Retirement reached
message instead ??
Regards
Marc
--
Marc Richter
Engr III Cslt-Ntwk Eng&Ops
Sebrathweg 20
44149 Dortmund
Germany
O +49 231 972 1293
F +49 231 972 2587
E marc.richter at de.verizon.com
--
Marc Richter
Engr III Cslt-Ntwk Eng&Ops
Sebrathweg 20
44149 Dortmund
Germany
O +49 231 972 1293
F +49 231 972 2587
E marc.richter at de.verizon.com
More information about the Opendnssec-user
mailing list