[Opendnssec-user] Unexpected DS state transition UNSUBMITTED to SUBMITTED (v 2.1.5)

Wessels, Duane dwessels at verisign.com
Fri Jun 25 20:25:22 UTC 2021 

Hi, I'm doing some tests with OpenDNSSEC.  My version is 2.1.5, from Ubuntu packages.

I see the output of 'ods-enforcer key list -d' go from:

aaa.example.com                 KSK      publish   ds-unsubmitted           128   13         0248f9eeaf8c305491a2989f74683c8b SoftHSM     33278

to:

aaa.example.com                 KSK      ready     waiting for ds-seen      128   13         0248f9eeaf8c305491a2989f74683c8b SoftHSM     33278

Based on what I read at the Key States Explained page of the wiki, I expected to see an intermediate SUBMIT state where I would then tell the enforcer that it has been submitted (but not yet seen).

My syslog has this:

Jun 25 19:57:52 ods ods-enforcerd: [enforcer] update zone: aaa.example.com
Jun 25 19:57:52 ods ods-enforcerd: [enforce_task] please submit DS with keytag 33278 for zone aaa.example.com
Jun 25 19:57:52 ods ods-enforcerd: [signconf_cmd] performing signconf for zone aaa.example.com
Jun 25 19:57:52 ods ods-enforcerd: [signconf_cmd] signconf done for zone aaa.example.com, notifying signer
Jun 25 19:57:52 ods ods-signerd: [signconf] zone aaa.example.com signconf: RESIGN[PT1M] REFRESH[PT1H] VALIDITY[P1D] DENIAL[P1D] KEYSET[PT0S] JITTER[PT30M] OFFSET[PT10M] NSEC[50] DNSKEYTTL[PT5M] SOATTL[PT5M] MINIMUM[PT5M] SERIAL[unixtime]
Jun 25 19:57:52 ods ods-signerd: [STATS] aaa.example.com 1624651072 RR[count=0 time=0(sec)] NSEC3[count=0 time=0(sec)] RRSIG[new=1 reused=7 time=0(sec) avg=0(sig/sec)] TOTAL[time=0(sec)] 
Jun 25 19:57:52 ods ods-enforcerd: [keystate_ds_x_cmd] No "DelegationSignersubmitCommand" configured.
Jun 25 19:57:52 ods ods-enforcerd: [enforcer] update zone: aaa.example.com
Jun 25 19:57:52 ods ods-enforcerd: [enforce_task] No changes to signconf file required for zone aaa.example.com


DW


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4208 bytes
Desc: not available
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20210625/8d798594/attachment.bin>

More information about the Opendnssec-user mailing list