[Opendnssec-user] KSK Rollover not performed in Opendnssec 2.1.7
Fred. Zwarts
F.Zwarts at KVI.nl
Thu Nov 12 12:45:53 UTC 2020
Op 12.nov..2020 om 11:25 schreef Maurice Mahieu - INFO via Opendnssec-user:
> Hello,
>
> After upgrading to Opendnssec 2.1.7 KSK rollovers are not happening.
>
> My rollover list for the zone shows:
>
> ods-enforcer rollover list -z skilhill.nl
> Keys:
> Zone: Keytype: Rollover expected:
> skilhill.nl ZSK 2020-12-12 17:22:58
> skilhill.nl KSK 2020-11-12 05:22:58
>
> Now it is November 12 11:00 AM but the rollover list is still the same
> as above.
>
> The messages log show:
>
> Nov 12 05:22:58 ns04-clone ods-enforcerd: [enforcer] update zone:
> skilhill.nl
> Nov 12 05:22:58 ns04-clone ods-enforcerd: [enforce_task] No changes to
> signconf file required for zone skilhill.nl
>
> Is there any reason why the rollover is not taking place ?
>
> Also I noticed after upgrading that the "Date of next transition" in the
> key list is the same for all keys and does not reflect the rollover
> value for the keys anymore, as in Opendnsec 1.4
>
> ods-enforcer key list -z skilhill.nl
> Keys:
> Zone: Keytype: State: Date of next transition:
> skilhill.nl ZSK active 2020-12-12 17:22:58
> skilhill.nl KSK active 2020-12-12 17:22:58
>
> Is this norrmal behaviour ?
>
> With kind regards,
>
> Maurice Mahieu
>
I have no idea what is wrong in your case, but our ods 2.1.7 started a
KSK roll-over correctly the day before yesterday.
> Keys:
> Zone: Keytype: State: Date of next transition:
> KVI.nl KSK retire waiting for ds-gone
> KVI.nl ZSK active 2020-12-07 12:11:57
> KVI.nl KSK ready waiting for ds-seen
Regards,
Fred.Zwarts.
More information about the Opendnssec-user
mailing list