[Opendnssec-user] ZSK rollover problems

[Gerhard Schmidt]

Hi,

I have some problems with one of my domains.

Yesterday there was of the ZSK of the domain. But somehow it failed. 
Part of the zone was signed with the old retired key and parts with the 
new key.

I tried to fix it be removing the old key from the database and it 
worked. The zone war signed all right and the domain was once again 
accessible from the internet.

I'm going to vacation later this week and didn't want to have this issue 
dangling. So I initiated another ZSK rollover. This was performed today 
and again its didn't work as expected.

ods-enforcer key list
Keys:
Zone:                           Keytype: State:    Date of next transition:
augusta.de                      KSK      active    2022-09-11 09:35:35
augusta.de                      ZSK      retire    2022-09-11 09:35:35
augusta.de                      ZSK      ready     2022-09-11 09:35:35

ods-enforcer rollover list
Keys:
Zone:                           Keytype: Rollover expected:
augusta.de                      KSK      2026-08-19 09:34:59
augusta.de                      ZSK      2022-11-26 16:35:35
augusta.de                      ZSK      2022-11-26 16:35:35

the zone is still signed with the retried key.

any idea how I can fix this issue.

There are more the 10 other domains that didn't have the issue.

Regard
    Gerhard

P.S. I'm using opendnssec version 2.1.3 I know it's not the actual 
version but can't update right now. This installation has worked for at 
least 4 years without any problems.