[Opendnssec-user] manual key rollover results in "1970-01-01 01:00:00"

Casper Gielen C.Gielen at uvt.nl
Thu Nov 9 17:00:04 UTC 2017


Op 08-11-17 om 16:52 schreef Yuri Schaeffer:
>> In an attempt to locate anomalies in my database, the following value is
>> different (domain "dennisbaaten.com" in the table "zone"):
>> nextChange: "0"
> 
> Ah. That explains some of it. I discovered a bug that causes this value
> not to be written some time. (and for a couple more timestamps that are
> also for display only) I'll fix that in a next release.

Dennis and I seem to be working in parallel. I just ran into this on my
test system.

I have one zone that has the same problem (1970-01-01 01:00:00) and also
nextChange = 0. (I guess that's the same value). It does happen to be
the zone that I use for most of my testing.


root at metagross:~# ods-enforcer key list --zone scpdata.org
Keys:
Zone:                           Keytype: State:    Date of next transition:
scpdata.org                     KSK      retire    1970-01-01 01:00:00
scpdata.org                     ZSK      retire    1970-01-01 01:00:00
scpdata.org                     ZSK      retire    1970-01-01 01:00:00
scpdata.org                     ZSK      active    1970-01-01 01:00:00
scpdata.org                     KSK      retire    1970-01-01 01:00:00
scpdata.org                     KSK      retire    1970-01-01 01:00:00
scpdata.org                     KSK      retire    1970-01-01 01:00:00
scpdata.org                     KSK      retire    1970-01-01 01:00:00
scpdata.org                     KSK      retire    1970-01-01 01:00:00
scpdata.org                     KSK      retire    1970-01-01 01:00:00
scpdata.org                     KSK      retire    1970-01-01 01:00:00
scpdata.org                     KSK      retire    1970-01-01 01:00:00
scpdata.org                     KSK      retire    1970-01-01 01:00:00
scpdata.org                     KSK      ready     waiting for ds-seen
key list completed in 1 seconds.


The large number of KSKs is due to testing. This zone uses fairly
aggressive KASP timings to speed up testing.

Anything I can do to help?
-- 
Casper Gielen <cgielen at uvt.nl> | LIS UNIX
PGP fingerprint = 16BD 2C9F 8156 C242 F981  63B8 2214 083C F80E 4AF7

Universiteit van Tilburg | Postbus 90153, 5000 LE
Warandelaan 2 | Telefoon 013 466 4100 | G 236 | http://www.uvt.nl





More information about the Opendnssec-user mailing list