[Opendnssec-user] Rollover: DNSKEY for old KSK gone from signed zone before issuing ds-seen/ds-gone commands

Yuri Schaeffer yuri at nlnetlabs.nl
Mon Jan 8 10:51:59 UTC 2018


Hi Julian,

On 07-01-18 21:07, Julian Brost wrote:
> See the attached file `log.txt` for the syslog snippets showing the
> involved keys and the output of `ods-enforcer key list` as of now.
> OpenDNSSEC version is 2.1.3, running on Debian sid. Let me know if you
> need any additional information.

Can I see your kasp.xml? I suspect that the DS TTL + delays is larger
than your KSK rollover time. This should not be a problem but might be
the cause of the issue.

//Yuri
