  1. OpenDNSSEC TRAC Import
  2. ODSTRACIMPORT-194

ods-ksmutil generates more keys than needed

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: trunk
    • Fix Version/s: None
    • Component/s: Enforcer
    • Labels:
      None

      Description

      In the attached file you will find two runs of 'ods-ksmutil key generate'. The first creates 3 KSK and 5 ZSK, which is fine. The second run, 10 seconds later, generates the same number of keys.

      The issue seems to be in KsmKeyPairCreate: the keys are added to the keypairs table, but not to the dnsseckeys table with state GENERATE, leading them to be seen with 'empty' status in KEYDATA_VIEW. When cmd_genkeys tries to find the number of keys in the pool (via KsmKeyCountStillGood), it can't find them because they don't match the condition, forcing the generation of keys.

      Also, monitoring the status of KEYDATA_VIEW entries for a specific policy, I noticed it went from 'empty' to status=2 (PUBLISH) when a key was used for incoming ZSK during normal processing.

            People

            Assignee:
            sion Siôn Lloyd
            Reporter:
            sebastian@nzrs.net.nz Sebastian Castro