Op 12.nov..2020 om 11:25 schreef Maurice Mahieu - INFO via Opendnssec-user:
Hello,
After upgrading to Opendnssec 2.1.7 KSK rollovers are not happening.
My rollover list for the zone shows:
ods-enforcer rollover list -z skilhill.nl
Keys:
Zone: Keytype: Rollover expected:
skilhill.nl ZSK 2020-12-12 17:22:58
skilhill.nl KSK 2020-11-12 05:22:58
Now it is November 12 11:00 AM but the rollover list is still the same
as above.
The messages log show:
Nov 12 05:22:58 ns04-clone ods-enforcerd: [enforcer] update zone:
skilhill.nl
Nov 12 05:22:58 ns04-clone ods-enforcerd: [enforce_task] No changes to
signconf file required for zone skilhill.nl
Is there any reason why the rollover is not taking place ?
Also I noticed after upgrading that the "Date of next transition" in the
key list is the same for all keys and does not reflect the rollover
value for the keys anymore, as in Opendnsec 1.4
ods-enforcer key list -z skilhill.nl
Keys:
Zone: Keytype: State: Date of next transition:
skilhill.nl ZSK active 2020-12-12 17:22:58
skilhill.nl KSK active 2020-12-12 17:22:58
Is this norrmal behaviour ?
With kind regards,
Maurice Mahieu
I have no idea what is wrong in your case, but our ods 2.1.7 started a
KSK roll-over correctly the day before yesterday.
Keys:
Zone: Keytype: State: Date of next transition:
KVI.nl KSK retire waiting for ds-gone
KVI.nl ZSK active 2020-12-07 12:11:57
KVI.nl KSK ready waiting for ds-seen
Regards,
Fred.Zwarts.
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
