Hello, this mail is written to clarify a message from my logs. I don't think there is a problem, just a slightly harsh sounding message.
My logs regularly show them message "ZSK ... in use too long" as in example below. I thought this was a problem. A little investigation shows that this key has already been retired. So my conclusion is that everything is fine. (for the record: today is 2011-06-22) ods-auditor[19448]: Auditor started ods-auditor[19448]: Auditor starting on example.com ods-auditor[19448]: SOA differs : from 2010090270 to 2011062200 ods-auditor[19448]: Auditing example.com zone : NSEC3 SIGNED ods-auditor[19448]: ZSK 22173 in use too long - should be max 2595600 seconds but has been 2737322 seconds ods-auditor[19448]: Finished auditing example.com zone root@ramanujan:~# ods-ksmutil key list --zone example.com Keys: Zone: Keytype: State: Date of next transition: example.com ZSK retire 2011-06-27 20:30:12 example.com ZSK active 2011-07-20 19:00:12 example.com ZSK ready next rollover example.com ZSK ready next rollover example.com KSK dsready When required example.com KSK dsready When required example.com KSK active 2012-04-26 13:56:39 example.com ZSK ready next rollover example.com ZSK ready next rollover Can anyone verify that this is normal behaviour -- Casper Gielen <[email protected]> | LIS UNIX PGP fingerprint = 16BD 2C9F 8156 C242 F981 63B8 2214 083C F80E 4AF7 Universiteit van Tilburg | Postbus 90153, 5000 LE Warandelaan 2 | Telefoon 013 466 4100 | G 236 | http://www.uvt.nl
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
