[Opendnssec-user] Date of next transition/key roll over
Arun Natarajan
arun at arunns.com
Mon Aug 24 11:51:46 UTC 2020
Hi there,
May I know if there are any significant difference in interpreting "Date
of next transition" in ODS 2.4, compared to 1.4. In 1.4, it was more
predictable and depended on the key states. Now in 2.4, the date of next
transition appears same for all keys, is it applied to zone or key set?
example.com KSK generate 2020-08-24 08:47:00 2048 8
example.com ZSK active 2020-08-24 08:47:00 2048 8
example.com ZSK generate 2020-08-24 08:47:00 2048 8
example.com KSK generate 2020-08-24 08:47:00 2048 8
example.com ZSK ready 2020-08-24 08:47:00 2048 8
Is there a way to know when those key state will changes for example, to
active or retire?
During roll over the new keys are active, but the old key remains
without a state change. ZSK was pre-published but the old ZSK still
remains active. Similarly KSK is double signature all the time. The old
keys are not retiring.
example.com KSK active 2020-08-24 08:47:00 2048 8
example.com ZSK active 2020-08-24 08:47:00 2048 8
example.com KSK active 2020-08-24 08:47:00 2048 8
example.com KSK active 2020-08-24 08:47:00 2048 8
example.com ZSK ready 2020-08-24 08:47:00 2048 8
example.com KSK active 2020-08-24 08:47:00 2048 8
example.com ZSK ready 2020-08-24 08:47:00 2048 8
Did I miss any additional configurations in ODS2.4?
--
Regards,
More information about the Opendnssec-user
mailing list