[Opendnssec-user] KSK Rolloverdate in opendnssec2

Berry A.W. van Halderen berry at nlnetlabs.nl
Mon Jun 11 09:18:19 UTC 2018


On 06/11/2018 08:28 AM, Gerhard Schmidt wrote:
> HI,
> 
> I'm using opendnssec 1.4 at work and opendnssec 2 on a club site.
> opendnssec reports the next transition date for each key separately
> 
> x.de                        KSK           active    2020-01-26 12:04:17
> x.de                        ZSK           active    2018-07-10 03:06:01
> 
> so i can see when i have to rollover the KSK as that has to be done
> manually.
> 
> opendnssec2 reports for all keys the same date
> y.de                      KSK      active    2018-06-20 02:23:05
> y.de                      ZSK      active    2018-06-20 02:23:05
> 
> how can i get the date of the KSK rollover ind ods2?
> 

There is the command:

  ods-enforcer rollover list

Which will give the planned dates for the rollover.  They might still
coincide of course.  The key list command will indicate at which time
the enforcer will re-inspect the validity of the key lifetime.  Hence
the column states the "next translation date" rather than the
rollover time.

With kind regards,
Berry van Halderen


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20180611/9df00872/attachment.bin>


More information about the Opendnssec-user mailing list