On 10/19/2010 05:42 AM, Sion Lloyd wrote: > >> I appreciate any hint. Thanks. > > If you run: > ods-ksmutil key list --zone sub.domain.tld > > you will be told the state of the KSKs in that zone, I'm guessing that they > are in the READY state, or maybe PUBLISHED. >
I had the same confusion when I first created a signed zone. As I realized, you can not export the KSK just after the first signing, because you need to wait until the key is in the ready state (you need a prepublication time before it's safe to use it for validation). I think it'll be great a more verbose output from the export command. Something like "you need to wait a certain time, but if you're just testing use --force". Regards, Hugo _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
