[Opendnssec-user] ds-seen not working

[Bas van den Dikkenberg]

Hi,

 

I am running opendnssec 2.1.5,

 

But key-ds-seen is not working any more?

 

>From the command line i did this:

 

cmd> verbosity 10

Verbosity level set to 10.

Command exit code: 0

cmd> key ds-seen --zone energiekeburger.nl --keytag 43156

0 KSK matches found.

0 KSKs changed.

Command exit code: 11

cmd>

root at domein:/usr/src/opendnssec-2.1.5# tail -f /var/log/syslog

Nov 10 18:15:11 domein ods-enforcerd: received command verbosity 10

Nov 10 18:15:11 domein ods-enforcerd: [cmdhandler] verbosity command

Nov 10 18:15:11 domein ods-enforcerd: [verbosity_cmd] verbosity command

Nov 10 18:15:11 domein ods-enforcerd: [cmdhandler] done handling command
verbosity 10

Nov 10 18:15:26 domein ods-enforcerd: received command key ds-seen --zone
energiekeburger.nl --keytag 43156

Nov 10 18:15:26 domein ods-enforcerd: [cmdhandler] key ds-seen command

Nov 10 18:15:26 domein ods-enforcerd: SELECT zone.id, zone.rev,
zone.policyId, zone.name, zone.signconfNeedsWriting, zone.signconfPath,
zone.nextChange, zone.ttlEndDs, zone.ttlEndDk, zone.ttlEndRs,
zone.rollKskNow, zone.rollZskNow, zone.rollCskNow, zone.inputAdapterType,
zone.inputAdapterUri, zone.outputAdapterType, zone.outputAdapterUri,
zone.nextKskRoll, zone.nextZskRoll, zone.nextCskRoll FROM zone WHERE
zone.name = ?

Nov 10 18:15:26 domein ods-enforcerd: SELECT zone.id, zone.rev,
zone.policyId, zone.name, zone.signconfNeedsWriting, zone.signconfPath,
zone.nextChange, zone.ttlEndDs, zone.ttlEndDk, zone.ttlEndRs,
zone.rollKskNow, zone.rollZskNow, zone.rollCskNow, zone.inputAdapterType,
zone.inputAdapterUri, zone.outputAdapterType, zone.outputAdapterUri,
zone.nextKskRoll, zone.nextZskRoll, zone.nextCskRoll FROM zone WHERE
zone.name = ?

Nov 10 18:15:26 domein ods-enforcerd: SELECT keyData.id, keyData.rev,
keyData.zoneId, keyData.hsmKeyId, keyData.algorithm, keyData.inception,
keyData.role, keyData.introducing, keyData.shouldRevoke, keyData.standby,
keyData.activeZsk, keyData.publish, keyData.activeKsk, keyData.dsAtParent,
keyData.keytag, keyData.minimize FROM keyData WHERE keyData.zoneId = ? AND
keyData.role != ? AND keyData.dsAtParent = ? AND keyData.keytag = ?

Nov 10 18:15:26 domein ods-enforcerd: [cmdhandler] done handling command key
ds-seen --zone energiekeburger.nl --keytag 43156

 

As you kan see the keytag is correct with the zone:

root at domein:/usr/src/opendnssec-2.1.5# ods-enforcer

cmd> key list -v --zone energiekeburger.nl

Keys:

Zone:                           Keytype: State:    Date of next transition:
Size: Algorithm: CKA_ID:                          Repository: KeyTag:

energiekeburger.nl              KSK      active    ds-seen
4096  8          c702cc27df11f05115473bdfa95e6775 SoftHSM     43156

energiekeburger.nl              ZSK      active    ds-unsubmitted
4096  8          befcbf16a7fd63e27c1b986dc3933824 SoftHSM     47748

Command exit code: 0

cmd>

 

 

what am i missing ?

 

thanks in advance

 

Bas

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20191110/9b8a305d/attachment.htm>