[Opendnssec-user] ds-seen not working
František Dvořák
valtri at civ.zcu.cz
Sun Nov 10 18:01:46 UTC 2019
Hi,
the key 43156 is already active and in ds-seen state, so there were
zero keys to change and it's OK.
The "waiting" key would look like this (output from version 2.1.4):
example.com KSK ready waiting for ds-seen ...
(Disclaimer: I'm mere user, so I hope I didn't overlook something here.
:-))
František
Bas van den Dikkenberg píše v Ne 10. 11. 2019 v 18:18 +0100:
> Hi,
>
> I am running opendnssec 2.1.5,
>
> But key-ds-seen is not working any more?
>
> From the command line i did this:
>
> cmd> verbosity 10
> Verbosity level set to 10.
> Command exit code: 0
> cmd> key ds-seen --zone energiekeburger.nl --keytag 43156
> 0 KSK matches found.
> 0 KSKs changed.
> Command exit code: 11
> cmd>
> root at domein:/usr/src/opendnssec-2.1.5# tail -f /var/log/syslog
> Nov 10 18:15:11 domein ods-enforcerd: received command verbosity 10
> Nov 10 18:15:11 domein ods-enforcerd: [cmdhandler] verbosity command
> Nov 10 18:15:11 domein ods-enforcerd: [verbosity_cmd] verbosity
> command
> Nov 10 18:15:11 domein ods-enforcerd: [cmdhandler] done handling
> command verbosity 10
> Nov 10 18:15:26 domein ods-enforcerd: received command key ds-seen --
> zone energiekeburger.nl --keytag 43156
> Nov 10 18:15:26 domein ods-enforcerd: [cmdhandler] key ds-seen
> command
> Nov 10 18:15:26 domein ods-enforcerd: SELECT zone.id, zone.rev,
> zone.policyId, zone.name, zone.signconfNeedsWriting,
> zone.signconfPath, zone.nextChange, zone.ttlEndDs, zone.ttlEndDk,
> zone.ttlEndRs, zone.rollKskNow, zone.rollZskNow, zone.rollCskNow,
> zone.inputAdapterType, zone.inputAdapterUri, zone.outputAdapterType,
> zone.outputAdapterUri, zone.nextKskRoll, zone.nextZskRoll,
> zone.nextCskRoll FROM zone WHERE zone.name = ?
> Nov 10 18:15:26 domein ods-enforcerd: SELECT zone.id, zone.rev,
> zone.policyId, zone.name, zone.signconfNeedsWriting,
> zone.signconfPath, zone.nextChange, zone.ttlEndDs, zone.ttlEndDk,
> zone.ttlEndRs, zone.rollKskNow, zone.rollZskNow, zone.rollCskNow,
> zone.inputAdapterType, zone.inputAdapterUri, zone.outputAdapterType,
> zone.outputAdapterUri, zone.nextKskRoll, zone.nextZskRoll,
> zone.nextCskRoll FROM zone WHERE zone.name = ?
> Nov 10 18:15:26 domein ods-enforcerd: SELECT keyData.id, keyData.rev,
> keyData.zoneId, keyData.hsmKeyId, keyData.algorithm,
> keyData.inception, keyData.role, keyData.introducing,
> keyData.shouldRevoke, keyData.standby, keyData.activeZsk,
> keyData.publish, keyData.activeKsk, keyData.dsAtParent,
> keyData.keytag, keyData.minimize FROM keyData WHERE keyData.zoneId =
> ? AND keyData.role != ? AND keyData.dsAtParent = ? AND keyData.keytag
> = ?
> Nov 10 18:15:26 domein ods-enforcerd: [cmdhandler] done handling
> command key ds-seen --zone energiekeburger.nl --keytag 43156
>
> As you kan see the keytag is correct with the zone:
> root at domein:/usr/src/opendnssec-2.1.5# ods-enforcer
> cmd> key list -v --zone energiekeburger.nl
> Keys:
> Zone: Keytype: State: Date of next
> transition: Size: Algorithm: CKA_ID:
> Repository: KeyTag:
> energiekeburger.nl KSK active ds-
> seen 4096 8
> c702cc27df11f05115473bdfa95e6775 SoftHSM 43156
> energiekeburger.nl ZSK active ds-
> unsubmitted 4096 8
> befcbf16a7fd63e27c1b986dc3933824 SoftHSM 47748
> Command exit code: 0
> cmd>
>
>
> what am i missing ?
>
> thanks in advance
>
> Bas
>
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
More information about the Opendnssec-user
mailing list