[Opendnssec-user] KSK Rollover not performed in Opendnssec 2.1.7
Maurice Mahieu - INFO
maurice at info.nl
Thu Nov 12 10:25:21 UTC 2020
Hello,
After upgrading to Opendnssec 2.1.7 KSK rollovers are not happening.
My rollover list for the zone shows:
ods-enforcer rollover list -z skilhill.nl
Keys:
Zone: Keytype: Rollover expected:
skilhill.nl ZSK 2020-12-12 17:22:58
skilhill.nl KSK 2020-11-12 05:22:58
Now it is November 12 11:00 AM but the rollover list is still the same as above.
The messages log show:
Nov 12 05:22:58 ns04-clone ods-enforcerd: [enforcer] update zone: skilhill.nl
Nov 12 05:22:58 ns04-clone ods-enforcerd: [enforce_task] No changes to signconf file required for zone skilhill.nl
Is there any reason why the rollover is not taking place ?
Also I noticed after upgrading that the "Date of next transition" in the key list is the same for all keys and does not reflect the rollover value for the keys anymore, as in Opendnsec 1.4
ods-enforcer key list -z skilhill.nl
Keys:
Zone: Keytype: State: Date of next transition:
skilhill.nl ZSK active 2020-12-12 17:22:58
skilhill.nl KSK active 2020-12-12 17:22:58
Is this norrmal behaviour ?
With kind regards,
Maurice Mahieu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20201112/10c896aa/attachment.htm>
More information about the Opendnssec-user
mailing list