I discovered a problem, and this might get me closer to a solution. I'm running Debian stable (stretch) and installed opendnssec from Debian testing (buster). I did this with the command "apt-get install opendnssec/testing", but this command installs opendnssec from testing (2.1.3 release) and gets it's dependencies from stable (2.0 release) including opendnssec-common which contains older versions of ods-signer and ods-enforcer (from the 2.0 release). In order to correct this I ran "apt-get -t testing install opendnssec-common", which installs dependencies from testing as well. So now all application files are from the 2.1.3 release.
The 1970 is gone. root@traxotic [/var/lib/opendnssec/signconf]$ ods-enforcer key list --verbose | grep dennisbaaten key list completed in 0 seconds. dennisbaaten.com ZSK retire 2017-11-14 14:36:34 2048 8 ce3507796d7c176695bbfdc18f100fc6 SoftHSM 52924 dennisbaaten.com ZSK active 2017-11-14 14:36:34 2048 8 49bad7794a2e2c4d5f44755f33317982 SoftHSM 11619 dennisbaaten.com KSK active 2017-11-14 14:36:34 4096 8 f82e46fa26d4772c3b09db259aa41a30 SoftHSM 59792 dennisbaaten.com ZSK retire 2017-11-14 14:36:34 2048 8 75602642359504fa4d1decc0d7ab37e4 SoftHSM 40563 dennisbaaten.com KSK publish 2017-11-14 14:36:34 4096 8 27384557fb5980c2b8fff0139e0d76e9 SoftHSM 32179 dennisbaaten.com ZSK publish 2017-11-14 14:36:34 2048 8 925276e53f3ac23420b34ed5f24d4892 SoftHSM 58128 and there seems to be something in the queue: root@traxotic [/var/lib/opendnssec/signconf]$ ods-enforcer queue There is 1 task scheduled. It is now Mon Nov 13 14:15:36 2017 (1510578936 seconds since epoch) Next task scheduled Mon Nov 13 14:16:06 2017 (1510578966 seconds since epoch) On Mon Nov 13 14:16:06 2017 I will [enforce] next zone queue completed in 0 seconds. However; The DB 2006 error in syslog persists. Not sure if this is causing troubles at this moment. The signconf file is not updated after ods-enforcer enforce (timestamp still the same). The signed zone files are also not updated (same timestamp). My initial guess is that tomorrow at the "Date of next transition" the rollovers will actually take place. If not, I will report back to the mailinglist. -- Dennis _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
