[Opendnssec-user] ds-seen not working

František Dvořák valtri at civ.zcu.cz
Sun Nov 10 18:01:46 UTC 2019


Hi,

the key 43156 is already active and in ds-seen state, so there were
zero keys to change and it's OK.

The "waiting" key would look like this (output from version 2.1.4):

example.com	KSK      ready     waiting for ds-seen	...

(Disclaimer: I'm a mere user, so I hope I didn't overlook something here.
:-))

  František

Bas van den Dikkenberg wrote on Sun 10. 11. 2019 at 18:18 +0100:
> Hi,
>  
> I am running opendnssec 2.1.5,
>  
> But key-ds-seen is not working any more?
>  
> From the command line I did this:
>  
> cmd> verbosity 10
> Verbosity level set to 10.
> Command exit code: 0
> cmd> key ds-seen --zone energiekeburger.nl --keytag 43156
> 0 KSK matches found.
> 0 KSKs changed.
> Command exit code: 11
> cmd>
> root@domein:/usr/src/opendnssec-2.1.5# tail -f /var/log/syslog
> Nov 10 18:15:11 domein ods-enforcerd: received command verbosity 10
> Nov 10 18:15:11 domein ods-enforcerd: [cmdhandler] verbosity command
> Nov 10 18:15:11 domein ods-enforcerd: [verbosity_cmd] verbosity command
> Nov 10 18:15:11 domein ods-enforcerd: [cmdhandler] done handling command verbosity 10
> Nov 10 18:15:26 domein ods-enforcerd: received command key ds-seen --zone energiekeburger.nl --keytag 43156
> Nov 10 18:15:26 domein ods-enforcerd: [cmdhandler] key ds-seen command
> Nov 10 18:15:26 domein ods-enforcerd: SELECT zone.id, zone.rev, zone.policyId, zone.name, zone.signconfNeedsWriting, zone.signconfPath, zone.nextChange, zone.ttlEndDs, zone.ttlEndDk, zone.ttlEndRs, zone.rollKskNow, zone.rollZskNow, zone.rollCskNow, zone.inputAdapterType, zone.inputAdapterUri, zone.outputAdapterType, zone.outputAdapterUri, zone.nextKskRoll, zone.nextZskRoll, zone.nextCskRoll FROM zone WHERE zone.name = ?
> Nov 10 18:15:26 domein ods-enforcerd: SELECT zone.id, zone.rev, zone.policyId, zone.name, zone.signconfNeedsWriting, zone.signconfPath, zone.nextChange, zone.ttlEndDs, zone.ttlEndDk, zone.ttlEndRs, zone.rollKskNow, zone.rollZskNow, zone.rollCskNow, zone.inputAdapterType, zone.inputAdapterUri, zone.outputAdapterType, zone.outputAdapterUri, zone.nextKskRoll, zone.nextZskRoll, zone.nextCskRoll FROM zone WHERE zone.name = ?
> Nov 10 18:15:26 domein ods-enforcerd: SELECT keyData.id, keyData.rev, keyData.zoneId, keyData.hsmKeyId, keyData.algorithm, keyData.inception, keyData.role, keyData.introducing, keyData.shouldRevoke, keyData.standby, keyData.activeZsk, keyData.publish, keyData.activeKsk, keyData.dsAtParent, keyData.keytag, keyData.minimize FROM keyData WHERE keyData.zoneId = ? AND keyData.role != ? AND keyData.dsAtParent = ? AND keyData.keytag = ?
> Nov 10 18:15:26 domein ods-enforcerd: [cmdhandler] done handling command key ds-seen --zone energiekeburger.nl --keytag 43156
>  
> As you can see the keytag is correct with the zone:
> root@domein:/usr/src/opendnssec-2.1.5# ods-enforcer
> cmd> key list -v --zone energiekeburger.nl
> Keys:
> Zone:                           Keytype: State:    Date of next transition: Size: Algorithm: CKA_ID:                          Repository: KeyTag:
> energiekeburger.nl              KSK      active    ds-seen                  4096  8          c702cc27df11f05115473bdfa95e6775 SoftHSM     43156
> energiekeburger.nl              ZSK      active    ds-unsubmitted           4096  8          befcbf16a7fd63e27c1b986dc3933824 SoftHSM     47748
> Command exit code: 0
> cmd>
>  
>  
> What am I missing?
> 
> Thanks in advance
>  
> Bas
>  
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
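
Added example, not part of the original thread and not OpenDNSSEC code: a small pre-check that reads `ods-enforcer key list -v` output and reports whether a given keytag is a KSK still "waiting for ds-seen", which is the only case in which `key ds-seen` has anything to change according to the reply above. The function names, the sample rows and the assumption that the column order matches the listing quoted in this thread are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `ods-enforcer key list -v` rows. All values are made
# up; the column order is assumed to match the listing quoted in the thread
# (zone, keytype, state, next transition, ..., keytag as the last field).
sample_key_list() {
cat <<'EOF'
Keys:
example.com  KSK  ready   waiting for ds-seen  2048  8  00000000000000000000000000000001  SoftHSM  11111
example.com  ZSK  active  2019-12-01 00:00:00  1024  8  00000000000000000000000000000002  SoftHSM  22222
example.org  KSK  active  ds-seen              4096  8  00000000000000000000000000000003  SoftHSM  33333
EOF
}

# ds_seen_waiting < key-list-output
# Prints "<zone> <keytag>" for every non-ZSK key still waiting for ds-seen.
ds_seen_waiting() {
    awk '$2 != "ZSK" && $3 == "ready" && /waiting for ds-seen/ { print $1, $NF }'
}

# ds_seen_check ZONE KEYTAG < key-list-output
# Prints one of: waiting | not-waiting:<state> | zsk | not-found
# "waiting"     -> `key ds-seen` should find a match for this key
# "not-waiting" -> key exists but is not in the waiting state, so
#                  "0 KSK matches found" is the expected answer
ds_seen_check() {
    awk -v zone="$1" -v tag="$2" '
        $1 == zone && $NF == tag {
            found = 1
            # Assumption: a ZSK has no DS at the parent, so ds-seen never applies.
            if ($2 == "ZSK")
                print "zsk"
            else if ($3 == "ready" && /waiting for ds-seen/)
                print "waiting"
            else
                print "not-waiting:" $3
            exit
        }
        END { if (!found) print "not-found" }
    '
}

# Stand-alone demonstration on the constructed sample.
sample_key_list | ds_seen_waiting
sample_key_list | ds_seen_check example.org 33333
```

On a live system the input would come from `ods-enforcer key list -v --zone <zone>` instead of `sample_key_list`.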



