[Opendnssec-user] manual key rollover results in "1970-01-01 01:00:00"

Yuri Schaeffer yuri at nlnetlabs.nl
Mon Nov 13 11:33:05 UTC 2017

> root at traxotic [~]$ ods-enforcer queue
> There are 0 tasks scheduled.
> It is now Mon Nov 13 11:11:20 2017 (1510567880 seconds since epoch)
> queue completed in 0 seconds.

This stands out. For some reason the enforcer thinks there is nothing to
do. While this could happen when all your rollovers are manual / are
waiting for user input, your key list output shows you are in a ZSK
rollover. So it really should have at least that zone queued. It does
explain why the signconf hasn't been written.

Can you force it to enforce the zones:
- ods-enforcer enforce

Then check the queue again to see whether the zones are properly
scheduled. A signconf SHOULD be produced and the zone SHOULD be
scheduled for later (Based on the information you provided I think in
approx 1 day).

If anything seems wrong please go through the enforcer logs.

At this point I don't know a cause yet. Is this the first opendnssec run
after the migration or was it restarted at some point?

> I'm not able to dump the kasp.db database file. Maybe due to a versioning incompatibility (.db file versus db_dump)?

Passing me the file will work fine. But it might no be necessary now.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: OpenPGP digital signature
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20171113/39581ab4/attachment.bin>

More information about the Opendnssec-user mailing list