[Opendnssec-user] KSK Retirement log messages from ods-enforcerd
marc.richter at de.verizon.com
Fri Jan 27 09:23:42 UTC 2017
well, I understood it that way, that the
Rollover of KSK expected
message is the normal, non-critcal message, being logged before the
lifetime of the KSK has actually expired.
But then, once the lifetime of a KSK has expired, the
KSK Retirement reached
message should be logged.
Did I understand that wrong ? If yes, what is the exact trigger for the
"KSK Retirement reached" message then ?
On 01/27/2017 09:09 AM, Yuri Schaeffer wrote:
> Hi Marc,
>> As it is not an upcoming, but a missed rollover (as the "Date of next
>> transition" has long passed), shouldn't it log the
>> ods-enforcerd: WARNING: KSK Retirement reached
>> message instead ??
> It is not really a missed rollover. It merely hasn't happened yet. It is
> waiting for user input since that time.
> We could append:
> Jan 26 12:18:49 ods-enforcerd: Rollover of KSK expected at 2016-07-25
> 10:23:48 for uutest.com, waiting for human.
> Or something more formal of course. :) Would that work?
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
Engr III Cslt-Ntwk Eng&Ops
O +49 231 972 1293
F +49 231 972 2587
E marc.richter at de.verizon.com
More information about the Opendnssec-user