On 24-10-2022 15:14, PGNet Dev wrote:
The good news it is not stuck.
What indicator flags that it IS 'stuck'? Is it explicitly logged?
Because the keymgr logs says it is just waiting time?
2022-10-21T16:55:22.690622-04:00 ns named[36683]: 21-Oct-2022
16:55:22.689 dnssec: debug 1: keymgr:
The good news it is not stuck.
What indicator flags that it IS 'stuck'? Is it explicitly logged?
BIND is waiting to make sure the new DS is also known to the validators. The
time being evaluated here is the DS TTL, plus parent-propagation-delay, plus
retire-safety. All these three values
Hi,
On 21-10-2022 23:05, PGNet Dev wrote:
I exec
rndc dnssec -checkds -key 63917 published example.com IN external
with dnssec loglevel -> debug, on exec, in logs
2022-10-21T16:55:22.690603-04:00 ns named[36683]: 21-Oct-2022
16:55:22.689 dnssec: debug 1: keymgr: examine KSK
I exec
rndc dnssec -checkds -key 63917 published example.com IN external
with dnssec loglevel -> debug, on exec, in logs
2022-10-21T16:55:22.690603-04:00 ns named[36683]: 21-Oct-2022 16:55:22.689
dnssec: debug 1: keymgr: examine KSK example.com/ECDSAP256SHA256/63917 type DS
in state
with bind 9.18, config'd for dnssec-policy automated signing, I've a dnssec
signed zone,
rndc dnssec -status example.com IN external
dnssec-policy: test
current time: Fri Oct 21 16:14:06 2022
key: 47219 (ECDSAP256SHA256), ZSK
5 matches
Mail list logo
