> I have 3 test zones and each has an active KSK and a dsready KSK. > dsready KSK is labelled "When required". If I look in the zonefile, I > cannot see this DNSKEY. The only KSK I can find is the active one. > > What this dsready state should mean? In ODS 1.0, this state didn't > exist. Before the ready state, there was a published state.
The key in the DSREADY state is the standby key. It has had its DS record submitted to the parent but is not being published in the zone yet. It will not be published until it is going to be used. The idea is that if the key is needed in an emergency the shortest timescale that it can be used in is the publication through the child system. (It is imagined that dealing with the parent zone is the slower of the two.) Sion _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
