[Opendnssec-user] ds-seen not working

Bas van den Dikkenberg bas at dikkenberg.net
Tue Nov 12 16:15:46 UTC 2019


But they are still stuck in the ds-seen stage. 

 

Where/how do you see the next transaction date?

 

 

From: Opendnssec-user <opendnssec-user-bounces at lists.opendnssec.org> On behalf of Berry A.W. van Halderen
Sent: Tuesday 12 November 2019 17:12
To: opendnssec-user at lists.opendnssec.org
Subject: Re: [Opendnssec-user] ds-seen not working

 

On 11/10/19 7:01 PM, František Dvořák wrote:
> Hi,
> 
> the key 43156 is already active and in ds-seen state, so there were
> zero keys to change and it's OK.
> 
> The "waiting" key would look like this (output from version 2.1.4):
> 
> example.com KSK ready waiting for ds-seen ...
> 
> (Disclaimer: I'm mere user, so I hope I didn't overlook something here.
> :-))

Quite correct, it is already active. Perhaps the output is confusing
as it states it is in state "ds-seen" but the next column is "date of
next transaction".

Here the implementation is deliberate not to work on keys that have
already been ds-seen. This makes it a bit more clear to invoke a
DS seen on all keys waiting for it. Otherwise it would seem as if
it didn't do anything. Now the next time you will run you will get
a better indication the previous run was fine.

\Berry

> František
> 
> Bas van den Dikkenberg wrote on Sun 10. 11. 2019 at 18:18 +0100:
>> Hi,
>> 
>> I am running opendnssec 2.1.5,
>> 
>> But key-ds-seen is not working any more?
>> 
>> From the command line I did this:
>> 
>> cmd> verbosity 10
>> Verbosity level set to 10.
>> Command exit code: 0
>> cmd> key ds-seen --zone energiekeburger.nl --keytag 43156
>> 0 KSK matches found.
>> 0 KSKs changed.
>> Command exit code: 11
>> cmd>
>> root@domein:/usr/src/opendnssec-2.1.5# tail -f /var/log/syslog
>> Nov 10 18:15:11 domein ods-enforcerd: received command verbosity 10
>> Nov 10 18:15:11 domein ods-enforcerd: [cmdhandler] verbosity command
>> Nov 10 18:15:11 domein ods-enforcerd: [verbosity_cmd] verbosity command
>> Nov 10 18:15:11 domein ods-enforcerd: [cmdhandler] done handling command verbosity 10
>> Nov 10 18:15:26 domein ods-enforcerd: received command key ds-seen --zone energiekeburger.nl --keytag 43156
>> Nov 10 18:15:26 domein ods-enforcerd: [cmdhandler] key ds-seen command
>> Nov 10 18:15:26 domein ods-enforcerd: SELECT zone.id, zone.rev, zone.policyId, zone.name, zone.signconfNeedsWriting, zone.signconfPath, zone.nextChange, zone.ttlEndDs, zone.ttlEndDk, zone.ttlEndRs, zone.rollKskNow, zone.rollZskNow, zone.rollCskNow, zone.inputAdapterType, zone.inputAdapterUri, zone.outputAdapterType, zone.outputAdapterUri, zone.nextKskRoll, zone.nextZskRoll, zone.nextCskRoll FROM zone WHERE zone.name = ?
>> Nov 10 18:15:26 domein ods-enforcerd: SELECT zone.id, zone.rev, zone.policyId, zone.name, zone.signconfNeedsWriting, zone.signconfPath, zone.nextChange, zone.ttlEndDs, zone.ttlEndDk, zone.ttlEndRs, zone.rollKskNow, zone.rollZskNow, zone.rollCskNow, zone.inputAdapterType, zone.inputAdapterUri, zone.outputAdapterType, zone.outputAdapterUri, zone.nextKskRoll, zone.nextZskRoll, zone.nextCskRoll FROM zone WHERE zone.name = ?
>> Nov 10 18:15:26 domein ods-enforcerd: SELECT keyData.id, keyData.rev, keyData.zoneId, keyData.hsmKeyId, keyData.algorithm, keyData.inception, keyData.role, keyData.introducing, keyData.shouldRevoke, keyData.standby, keyData.activeZsk, keyData.publish, keyData.activeKsk, keyData.dsAtParent, keyData.keytag, keyData.minimize FROM keyData WHERE keyData.zoneId = ? AND keyData.role != ? AND keyData.dsAtParent = ? AND keyData.keytag = ?
>> Nov 10 18:15:26 domein ods-enforcerd: [cmdhandler] done handling command key ds-seen --zone energiekeburger.nl --keytag 43156
>> 
>> As you can see the keytag is correct with the zone:
>> root@domein:/usr/src/opendnssec-2.1.5# ods-enforcer
>> cmd> key list -v --zone energiekeburger.nl
>> Keys:
>> Zone:              Keytype: State:  Date of next transition: Size: Algorithm: CKA_ID:                          Repository: KeyTag:
>> energiekeburger.nl KSK      active  ds-seen                  4096  8          c702cc27df11f05115473bdfa95e6775 SoftHSM     43156
>> energiekeburger.nl ZSK      active  ds-unsubmitted           4096  8          befcbf16a7fd63e27c1b986dc3933824 SoftHSM     47748
>> Command exit code: 0
>> cmd>
>> 
>> 
>> What am I missing?
>> 
>> Thanks in advance
>> 
>> Bas
>> 
>> _______________________________________________
>> Opendnssec-user mailing list
>> Opendnssec-user at lists.opendnssec.org
>> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
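Added example, not part of the original thread and not OpenDNSSEC code: a small parser for the `key list -v` text shown above that reports which keys `key ds-seen` would actually act on, which is why the already-seen key 43156 gave "0 KSK matches found". It assumes the nine-column layout from the listing in this thread and the "waiting for ds-seen" text quoted from 2.1.4; the function names, the example.com row and its CKA_ID are constructed for illustration.

```python
from __future__ import annotations
from typing import NamedTuple

WAITING = "waiting for ds-seen"  # text quoted in the thread (2.1.4 output)

class Key(NamedTuple):
    zone: str
    keytype: str
    state: str
    next_transition: str  # free-form: may be several words
    size: int
    algorithm: int
    cka_id: str
    repository: str
    keytag: int

def parse_key_list(text: str) -> list[Key]:
    """Parse `ods-enforcer key list -v` output (assumed nine-column layout)."""
    keys = []
    for line in text.splitlines():
        tok = line.split()
        # Data rows: at least 9 tokens, a key type second, a numeric key tag last.
        if len(tok) < 9 or tok[1] not in ("KSK", "ZSK", "CSK") or not tok[-1].isdigit():
            continue
        # First three and last five columns are single tokens; whatever is
        # left in the middle is the "Date of next transition" column.
        keys.append(Key(tok[0], tok[1], tok[2], " ".join(tok[3:-5]),
                        int(tok[-5]), int(tok[-4]), tok[-3], tok[-2], int(tok[-1])))
    return keys

def ds_seen_candidates(keys: list[Key], zone: str) -> list[int]:
    """Key tags in `zone` still waiting for ds-seen.
    Excluding ZSKs is an assumption based on `keyData.role != ?` in the log."""
    return [k.keytag for k in keys
            if k.zone == zone and k.keytype != "ZSK" and k.next_transition == WAITING]

# Constructed sample: the two rows from the thread plus one made-up waiting KSK.
SAMPLE = """\
Keys:
Zone:              Keytype: State: Date of next transition: Size: Algorithm: CKA_ID: Repository: KeyTag:
energiekeburger.nl KSK active ds-seen 4096 8 c702cc27df11f05115473bdfa95e6775 SoftHSM 43156
energiekeburger.nl ZSK active ds-unsubmitted 4096 8 befcbf16a7fd63e27c1b986dc3933824 SoftHSM 47748
example.com KSK ready waiting for ds-seen 2048 8 00112233445566778899aabbccddeeff SoftHSM 12345
"""

if __name__ == "__main__":
    parsed = parse_key_list(SAMPLE)
    for z in ("energiekeburger.nl", "example.com"):
        print(z, ds_seen_candidates(parsed, z))
```

An empty list for a zone means there is nothing left to confirm there, matching the "0 KSKs changed" result in the thread.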