Uploaded image for project: 'OpenDNSSEC Pivotal History'
  1. OpenDNSSEC Pivotal History
  2. ODSPTHIST-389

Active KSK made into standby key

FinishDeliverReject
    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Accepted
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 41 : 21 Mar
    • Labels:

      Description

      I start signing for the first time. I have one KSK and one standby KSK. We are currently waiting for uploading the DS records. Everything works ok if I give ds-seen on the standby key first.

      But it breaks down if I give ds-seen (and no-retire) on the non-standby key before the standby key. It is made into a standby key and not active key.

      rickard@fou:~/opendnssec$ ods-ksmutil key list -z opendnssec.se
      MySQL database schema set to: opendnssec
      MySQL database user set to: opendnssec
      MySQL database password set
      Keys:
      Zone: Keytype: State: Date of next transition:
      opendnssec.se KSK ready next rollover
      opendnssec.se KSK dssub waiting for ds-seen
      opendnssec.se ZSK active 2010-03-25 01:01:24

      rickard@fou:~/opendnssec$ ods-ksmutil key list -z opendnssec.se -v
      MySQL database schema set to: opendnssec
      MySQL database user set to: opendnssec
      MySQL database password set
      Keys:
      Zone: Keytype: State: Date of next transition: CKA_ID: Repository: Keytag:
      opendnssec.se KSK ready next rollover 3654a9374ac53ad528df371e46a61e26 softHSM1 44437
      opendnssec.se KSK dssub waiting for ds-seen d2e3695575f55ab7cbb0d1142e2b1af9 softHSM1 47572
      opendnssec.se ZSK active 2010-03-25 01:01:24 b310259f9f57e0f6b8fcfd2fc7365c11 softHSM2 52990

      rickard@fou:~/opendnssec$ ods-ksmutil key ds-seen --no-retire -x 44437
      MySQL database schema set to: opendnssec
      MySQL database user set to: opendnssec
      MySQL database password set
      Found key with CKA_ID 3654a9374ac53ad528df371e46a61e26
      Key 3654a9374ac53ad528df371e46a61e26 made into standby
      rickard@fou:~/opendnssec$ ods-ksmutil key list -z opendnssec.se -v
      MySQL database schema set to: opendnssec
      MySQL database user set to: opendnssec
      MySQL database password set
      Keys:
      Zone: Keytype: State: Date of next transition: CKA_ID: Repository: Keytag:
      opendnssec.se KSK dspublish 2010-03-25 00:49:35 3654a9374ac53ad528df371e46a61e26 softHSM1 44437
      opendnssec.se KSK dssub waiting for ds-seen d2e3695575f55ab7cbb0d1142e2b1af9 softHSM1 47572
      opendnssec.se ZSK active 2010-03-25 01:01:24 b310259f9f57e0f6b8fcfd2fc7365c11 softHSM2 52990

        Attachments

          Activity

            People

            Assignee:
            sion SiƓn Lloyd
            Reporter:
            rickard Rickard Bellgrim
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: