On Fri, Jul 1, 2011 at 10:47 AM, Bryton <[email protected]> wrote: > 1:I have saved the zone I want to sing to the unsigned source as the configs > say and I was hoping ods-signer could sign it and I get the signed zone in > the signed directory but I don't get anything.Further to this I decided to > do ods-signer sign tz and I got Zone tz scheduled for immediate re-sign. > why does it saying it immediately and I went to the signed directory nothing > there.
The Signer Engine will only read the zone once you give it the "ods-signer sign tz"-command. So every time you edit the zone. Remember to give this command. "ods-signer queue" will output what the Signer Engine is working with. If something failed or if the zone was badly formated, then have a look in syslog. > 2:I hope now that all config are ok to get the DS so that I can publish to > the parent How do i get this. You can publish your DS once the KSK is in the ready state. You can get the key in three different ways: * See syslog * Configure DelegationSignerSubmitCommand * ods-ksmutil key export --zone tz --keystate ready --ds > 3:I did the bellow command and see the list bellow:- > > root@ubuntu-serv-dnssec:/var/lib# ods-ksmutil key list --verbose --zone tz > SQLite database set to: /var/lib/opendnssec/db/kasp.db > Keys: > Zone: Keytype: State: Date of next > transition: CKA_ID: > Repository: Keytag: > tz KSK publish 2011-07-02 > 01:04:24 2861479296b2cb6ed0f884a479b5e99d > SoftHSM 40949 > tz ZSK active 2011-07-31 > 11:04:24 880a44b2e853db6a26368ecdf292898d > SoftHSM 48528 > > > Wat is the DATE OF NEXT TRANSITION.I was hoping it to be 2012-07-02 01:04:24 > (Meaning its after 1 year for KSK ) ZSK is ok i think. A key goes between different states. KSK: Publish -> Ready -> (submit ds and ds-seen) -> Active At this time you will have 1 year until the next transition. // Rickard _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
