Hi, I'm playing around with opendnssec. I added a zone to openddnssec and it was signed. Then I changed the date of the Server to (12.07.2015) a few dates before the KSK retires.
In the log file: Rollover of KSK expected at 2015-07-15 18:20:53 for vtg.at Also when I print the current keys: vtg.at KSK active 2015-07-15 18:20:53 (retire) Then I changed the date to 2015-07-16. Suddenly a second KSK was here. vtg.at KSK ready waiting for ds-seen (active) 2048 Why was the key not generated before the retire? I want that the key gets generated 10 days before he expires. Otherwise the chain of trust is broken. Can anybody help me? Best regards, Christoph
_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
