Hi, i'm experiencing the 'key (NNN) has gone straight to active use without a prepublished phase' error from the ods-auditor.
While i totally agree on not automatically publishing such zones, there seems not to be any way to tell ODS that this key pair is actually valid and it should 'just accept' that the key has 'gone straight to active use' because 'i told you so'. Am i missing an option or a binary? Disabling the auditor in the configuration or hacking XML-files just so the signing finishes correctly is not what i consider a nice fix for these situations. --- I think what happend to this zone is; it's DS was published automatically just before the NL-zone reloads. The automated 'is DS available for $domain in ds-seen state'-checker i wrote found the DS active only 15 minutes after it being published and marked the key active, way before ODS expected that to happen(??). It's hard to tell what timing value actually deals with this. Could my theory be valid? With regards, -Sander. -- | If cats and dogs didn't have fur would we still pet them? | 4096R/20CC6CD2 - 6D40 1A20 B9AA 87D4 84C7 FBD6 F3A9 9442 20CC 6CD2 _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
