On 15.07.2014 16:26, [email protected] wrote: > Hi, > > > > I’m playing around with opendnssec. I added a zone to openddnssec and it > was signed. > > Then I changed the date of the Server to (12.07.2015) a few dates > before the KSK retires. > > > > In the log file: > > Rollover of KSK expected at 2015-07-15 18:20:53 for vtg.at > > > > Also when I print the current keys: > > vtg.at KSK active 2015-07-15 > 18:20:53 (retire)
Have you manually run the enforcer? AFAIK the enforcer is run only once an hour and it may have not run after you have updated the local time. regards Klaus > > > > Then I changed the date to 2015-07-16. Suddenly a second KSK was here. > > vtg.at KSK ready waiting for > ds-seen (active) 2048 > > > > Why was the key not generated before the retire? I want that the key > gets generated 10 days before he expires. > > Otherwise the chain of trust is broken. > > > > Can anybody help me? > > > > Best regards, > > Christoph > > > > > > _______________________________________________ > Opendnssec-user mailing list > [email protected] > https://lists.opendnssec.org/mailman/listinfo/opendnssec-user > _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
