Hello,
I just finished migrating from 1.4.10 to 2.1.0 and everything appears
to be running. The only thing I noticed is an extra KSK appearing:
root@alita:/etc/opendnssec# ods-enforcer rollover list -z dnssec-test.intern
Keys:
Zone: Keytype: Rollover expected:
dnssec-test.intern KSK No roll scheduled
dnssec-test.intern KSK No roll scheduled
dnssec-test.intern ZSK 2017-04-29 17:07:07
dnssec-test.intern ZSK 2017-04-29 17:07:07
root@alita:/etc/opendnssec# ods-enforcer key list -z dnssec-test.intern -d
Keys:
Zone: Key role: DS: DNSKEY:
RRSIGDNSKEY: RRSIG: Pub: Act: Id:
dnssec-test.intern KSK rumoured omnipresent
omnipresent NA 1 1 e79f3f37b8a9e76c6b63fd273daadb31
dnssec-test.intern KSK omnipresent omnipresent
omnipresent NA 1 1 66c43087a1ae1989a17d2133de599e26
dnssec-test.intern ZSK NA omnipresent NA
rumoured 1 1 29099c0d3024b7fa908cd27576aabd2d
dnssec-test.intern ZSK NA omnipresent NA
unretentive 1 0 eb6252b8fb97e2c39f27514216cfb645
So I have an extra KSK in state rumoured with no key roll scheduled but active
in the zone. Is this to be expected?
Regards
Sebastian
--
GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 B9CE)
'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE.
-- Terry Pratchett, The Fifth Elephant
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
