[Opendnssec-user] KSK Retirement log messages from ods-enforcerd
Marc Richter
marc.richter at de.verizon.com
Fri Jan 27 09:23:42 UTC 2017
Hi Yuri,
well, I understood it that way, that the
Rollover of KSK expected
message is the normal, non-critcal message, being logged before the
lifetime of the KSK has actually expired.
But then, once the lifetime of a KSK has expired, the
KSK Retirement reached
message should be logged.
Did I understand that wrong ? If yes, what is the exact trigger for the
"KSK Retirement reached" message then ?
Regards
Marc
On 01/27/2017 09:09 AM, Yuri Schaeffer wrote:
> Hi Marc,
>
>> As it is not an upcoming, but a missed rollover (as the "Date of next
>> transition" has long passed), shouldn't it log the
>> ods-enforcerd: WARNING: KSK Retirement reached
>> message instead ??
>
> It is not really a missed rollover. It merely hasn't happened yet. It is
> waiting for user input since that time.
>
> We could append:
>
> Jan 26 12:18:49 ods-enforcerd: Rollover of KSK expected at 2016-07-25
> 10:23:48 for uutest.com, waiting for human.
>
> Or something more formal of course. :) Would that work?
>
> //Yuri
>
>
>
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
>
--
Marc Richter
Engr III Cslt-Ntwk Eng&Ops
Sebrathweg 20
44149 Dortmund
Germany
O +49 231 972 1293
F +49 231 972 2587
E marc.richter at de.verizon.com
More information about the Opendnssec-user
mailing list