-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi JP,
> $ preload ods-ksmutil key list --zone tt01 -v Keys: Zone: > Keytype: State: Date of next transition (to): Keytag: tt01 > KSK dspublish 2015-11-13 13:15:46 (dsready) 23900 tt01 > ZSK active 2015-12-08 13:27:29 (retire) 11088 tt01 > KSK active 2016-11-10 09:34:57 (retire) 11519 > > The ds-seen indicates the key has been turned into a standby key. > Why is that done? I have no knowledge of that design decision. Or in fact if that was a decision at all. It does make sense though. Presumably you are using <ManualRollover/> for the KSK, reintroducing the DS pushes the statemachine to "publish DS but hold of DNSKEY". > Followup question: I haven't found any combination of commands > which will "un-standby" (i.e. remove, whatever) that key, other > than manipulating the underlying database tables. I'm unsure there is tooling for that. Though I would expect ods-ksmutil key ksk-retire --zone tt01 ---cka_id 4e7989ca670a7f421fd51d6e9373c271 to have the effect you are looking for. Regards, Yuri -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iEYEARECAAYFAlZFp4MACgkQI3PTR4mhavhojgCfSoNc32vB57rVjlPxHUpLRHxa 4NwAn27ibnhSjL4gUPDBYrbjoOUvgHud =pVLF -----END PGP SIGNATURE----- _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
