[Opendnssec-user] KSK Retirement log messages from ods-enforcerd

Marc Richter marc.richter at de.verizon.com
Fri Jan 27 09:23:42 UTC 2017


Hi Yuri,

well, I understood it that way, that the

	Rollover of KSK expected
	
message is the normal, non-critcal message, being logged before the
lifetime of the KSK has actually expired.
But then, once the lifetime of a KSK has expired, the

	KSK Retirement reached

message should be logged.
Did I understand that wrong ? If yes, what is the exact trigger for the
"KSK Retirement reached" message then ?

Regards
Marc

On 01/27/2017 09:09 AM, Yuri Schaeffer wrote:
> Hi Marc,
>
>> As it is not an upcoming, but a missed rollover (as the "Date of next
>> transition" has long passed), shouldn't it log the
>>     ods-enforcerd: WARNING: KSK Retirement reached
>> message instead ??
>
> It is not really a missed rollover. It merely hasn't happened yet. It is
> waiting for user input since that time.
>
> We could append:
>
> Jan 26 12:18:49 ods-enforcerd: Rollover of KSK expected at 2016-07-25
> 10:23:48 for uutest.com, waiting for human.
>
> Or something more formal of course. :) Would that work?
>
> //Yuri
>
>
>
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
>

-- 
Marc Richter
Engr III Cslt-Ntwk Eng&Ops

Sebrathweg 20
44149 Dortmund
Germany

O +49 231 972 1293
F +49 231 972 2587
E marc.richter at de.verizon.com



More information about the Opendnssec-user mailing list