Hi Casper,
> I have one zone that has the same problem (1970-01-01 01:00:00) and also
> nextChange = 0. (I guess that's the same value). It does happen to be
> the zone that I use for most of my testing.
>
>
> root@metagross:~# ods-enforcer key list --zone scpdata.org
> Keys:
> Zone:         Keytype:  State:   Date of next transition:
> scpdata.org   KSK       retire   1970-01-01 01:00:00
> scpdata.org   ZSK       retire   1970-01-01 01:00:00
> scpdata.org   ZSK       retire   1970-01-01 01:00:00
> scpdata.org   ZSK       active   1970-01-01 01:00:00
> scpdata.org   KSK       retire   1970-01-01 01:00:00
> scpdata.org   KSK       retire   1970-01-01 01:00:00
> scpdata.org   KSK       retire   1970-01-01 01:00:00
> scpdata.org   KSK       retire   1970-01-01 01:00:00
> scpdata.org   KSK       retire   1970-01-01 01:00:00
> scpdata.org   KSK       retire   1970-01-01 01:00:00
> scpdata.org   KSK       retire   1970-01-01 01:00:00
> scpdata.org   KSK       retire   1970-01-01 01:00:00
> scpdata.org   KSK       retire   1970-01-01 01:00:00
> scpdata.org   KSK       ready    waiting for ds-seen
> key list completed in 1 seconds.
>
>
> The large number of KSKs is due to testing. This zone uses fairly
> aggressive KASP timings to speed up testing.
>
> Anything I can do to help?

Is this a KASP with automatic or manual rolling KSKs? If it is manual,
there is nothing to do ever (nothing needs to be scheduled) since it is
waiting for user input. Therefore these values are never updated (due to
the aforementioned bug).

But if we really want to know if OpenDNSSEC is working correctly, it is
necessary to look at its output. These timestamps are display only. Please
take a look at the signconf file it produces for this zone and the signed
zonefile the signer produces, and make sure the correct keys are being used.

//Yuri
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
