> 2. ods-ksmutil key list > Keys: > Zone: Keytype: State: Date of next > transition: > xxx.com ZSK active 2012-03-27 15:02:21 > xxx.com KSK publish 2012-02-27 05:02:21 > > 3. root@debian:~# ods-ksmutil backup prepare > There were no keys to mark > root@debian:~# ods-ksmutil backup commit > There were no keys to mark > root@debian:~# ods-ksmutil backup list > Backups: > Date: Repository: > 2012-02-26 15:02:00 SoftHSM > > root@debian:~# ods-ksmutil backup done > There were no keys to mark > There were no keys to mark > > Do you have any suggestions?
I cannot say why there were no keys to mark as backed up. Do you have <RequireBackup> set for the SoftHSM repository (see in conf.xml)? If not, then the first message should have not been shown. The KSK will not become active until you have uploaded the DS RR and said ds-seen to the Enforcer. The first time you sign the zone, the KSK will sign the DNSKEY RRset. The keys and signatures will then be sent out. Once they have propagated for enough time, the KSK will be ready (date of next state 2012-02-27 05:02:21). At this point you can upload the corresponding DS RR to the parent zone. Once you say ds-seen, the key will be marked as active. // Rickard _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
