Stephane Bortzmeyer писал(а) 14.09.2025 13:15:
On Sun, Sep 14, 2025 at 01:05:25PM +0300,
Boris Gulay via Opendnssec-user <opendnssec-user@lists.opendnssec.org>
wrote
a message of 46 lines which said:
Zone has two keys as expected. But they have different states: ZSK is
in
ready state, KSK - publish. Can you please explain which states can
keys
have and what do thay mean? I can't change state of KSK with ds-seen
or
ds-submit.
Publish means it is published in the DNS but not yet usable for a DS
(OpenDNSSEC waits for a TTL). It will switch to Ready by itself.
RFC 7583 may be a good read.
Super, thank you. Found key states in 3.1 of that RFC.
Another question here: what are defaults for KskRollType and ZskRollType
in opendnssec?
_______________________________________________
Opendnssec-user mailing list
Opendnssec-user@lists.opendnssec.org
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
