Thanks Richard,

Now this means that if I want to sign the zone before the KSK is in the
ACTIVE state, it is not possible. Further to this, what can I do to make
the KSK move from Publish to Active as soon as possible? This is because
after checking the queue I have seen the below:

I have 1 tasks scheduled
It is now Fri Jul 1 12:13:51 2011
On Fri Jul 1 13:37:31 2011 I will sign zone tz

This means that I want the KSK to be ready before the time scheduled to
sign the zone.

Rickard Bellgrim wrote:
On Fri, Jul 1, 2011 at 10:47 AM, Bryton <[email protected]> wrote:

1: I have saved the zone I want to sign to the unsigned source as the configs
say, and I was hoping ods-signer could sign it and I would get the signed zone
in the signed directory, but I don't get anything. Further to this, I decided
to do "ods-signer sign tz" and I got "Zone tz scheduled for immediate re-sign".
Why is it saying immediately, when I went to the signed directory and there is
nothing there?

The Signer Engine will only read the zone once you give it the
"ods-signer sign tz" command. So every time you edit the zone,
remember to give this command.
"ods-signer queue" will output what the Signer Engine is working with.
If something failed or if the zone was badly formatted, then have a
look in syslog.

2: I hope now that all configs are OK to get the DS so that I can publish it
to the parent. How do I get this?

You can publish your DS once the KSK is in the ready state.
You can get the key in three different ways:
* See syslog
* Configure DelegationSignerSubmitCommand
* ods-ksmutil key export --zone tz --keystate ready --ds

3: I did the below command and see the list below:

root@ubuntu-serv-dnssec:/var/lib# ods-ksmutil key list --verbose --zone tz
SQLite database set to: /var/lib/opendnssec/db/kasp.db
Keys:
Zone:  Keytype:  State:   Date of next transition:  CKA_ID:                           Repository:  Keytag:
tz     KSK       publish  2011-07-02 01:04:24       2861479296b2cb6ed0f884a479b5e99d  SoftHSM      40949
tz     ZSK       active   2011-07-31 11:04:24       880a44b2e853db6a26368ecdf292898d  SoftHSM      48528

What is the DATE OF NEXT TRANSITION? I was hoping it to be 2012-07-02 01:04:24
(meaning it's after 1 year for the KSK). The ZSK is OK, I think.

A key goes between different states.
KSK: Publish -> Ready -> (submit ds and ds-seen) -> Active
At this time you will have 1 year until the next transition.
// Rickard
--
Regards,
Bryton.