[Opendnssec-user] Key states question

Boris Gulay boris at boressoft.ru
Sun Sep 14 11:09:00 UTC 2025


Stephane Bortzmeyer wrote on 14.09.2025 13:15:
> On Sun, Sep 14, 2025 at 01:05:25PM +0300,
>  Boris Gulay via Opendnssec-user <opendnssec-user at lists.opendnssec.org> wrote
>  a message of 46 lines which said:
> 
>> Zone has two keys as expected. But they have different states: ZSK is in
>> ready state, KSK - publish. Can you please explain which states can keys
>> have and what do they mean? I can't change state of KSK with ds-seen or
>> ds-submit.
> 
> Publish means it is published in the DNS but not yet usable for a DS
> (OpenDNSSEC waits for a TTL). It will switch to Ready by itself.
> 
> RFC 7583 may be a good read.

Super, thank you. Found key states in 3.1 of that RFC.

Another question here: what are defaults for KskRollType and ZskRollType 
in opendnssec?

