[Opendnssec-user] KSK Rollover in OpenDNSSec 2.0
Alexey Terentiev
alexey.te at isoc.org.il
Thu Aug 19 10:00:06 UTC 2021
Hi Gerhard
you can try the following:
ods-enforcer key export --zone *domainname* -t *keytype* -e *keystate* --ds
Best regards
Alexey Terentiev
On Thu, Aug 19, 2021 at 12:44 PM Gerhard Schmidt via Opendnssec-user <
opendnssec-user at lists.opendnssec.org> wrote:
> Hi
>
> KSK Roll-overs are approaching on many of my domains.
>
> I've done the roll-over on my second installation with v1.4 without any
> problem.
>
> But with 2.0 documentation is quite lacking and I'm struck.
>
> I started the roll-over with
>
> ods-enforcer key rollover --zone <domain>
>
> ods-enforcer rollover list reports
> <domain> KSK 2026-08-18 10:44:50
>
> ods-enforcer key list --zone <domain>
> <domain> KSK active 2021-08-20 00:44:50
> <domain> ZSK active 2021-08-20 00:44:50
> <domain> ZSK retire 2021-08-20 00:44:50
> <domain> KSK publish 2021-08-20 00:44:50
> <domain> ZSK publish 2021-08-20 00:44:50
>
> so far so good.
>
> Now I'm stuck. how do I get the information in need to send to my provider.
>
> I tried
> ods-enforcer key ds-submit --zone <doamin> -x <keyid>
> 0 KSK matches found.
> 0 KSKs changed.
>
> I tried
> ods-enforcer key export --zone <domain>
>
> no output at all
>
> Regard
> Estartu
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20210819/695a9a9a/attachment.htm>
More information about the Opendnssec-user
mailing list