[Opendnssec-user] KSK Rollover in OpenDNSSec 2.0
Gerhard Schmidt
schmidt at ze.tum.de
Thu Aug 19 09:16:42 UTC 2021
Hi
KSK Roll-overs are approaching on many of my domains.
I've done the roll-over on my second installation with v1.4 without any
problem.
But with 2.0 documentation is quite lacking and I'm struck.
I started the roll-over with
ods-enforcer key rollover --zone <domain>
ods-enforcer rollover list reports
<domain> KSK 2026-08-18 10:44:50
ods-enforcer key list --zone <domain>
<domain> KSK active 2021-08-20 00:44:50
<domain> ZSK active 2021-08-20 00:44:50
<domain> ZSK retire 2021-08-20 00:44:50
<domain> KSK publish 2021-08-20 00:44:50
<domain> ZSK publish 2021-08-20 00:44:50
so far so good.
Now I'm stuck. how do I get the information in need to send to my provider.
I tried
ods-enforcer key ds-submit --zone <doamin> -x <keyid>
0 KSK matches found.
0 KSKs changed.
I tried
ods-enforcer key export --zone <domain>
no output at all
Regard
Estartu
More information about the Opendnssec-user
mailing list