-
Type:
Bug
-
Status: Closed
-
Priority:
Minor
-
Resolution: Outdated
-
Affects Version/s: None
-
Fix Version/s: backlog
-
Component/s: Enforcer NG
-
Labels:
I am using the export command to get the DS record to upload to the parent zone. One KSK is unretentive and the other is rumoured. But both are exported as a DS RR. Shouldn't you just get the one that should be in the parent zone?
user@ubuntu:~$ sudo ods-enforcer key list
Database set to: /var/opendnssec/kasp.db
Keys:
Zone: Key role: DS: DNSKEY: RRSIGDNSKEY: RRSIG: Pub: Act: Id:
bellgrim.se KSK unretentive omnipresent omnipresent NA 1 1 c836807f68a3f21346ae79685c879091
bellgrim.se ZSK NA omnipresent NA omnipresent 1 1 f6f7bce84ec64396fd10bc2a4b9e987b
bellgrim.se KSK rumoured omnipresent omnipresent NA 1 1 e7159ea6afac4595e488032a65ce8f7c
key list completed in 0 seconds.
user@ubuntu:~$ sudo ods-enforcer key export --zone bellgrim.se --ds
bellgrim.se. 60 IN DS 8527 8 2 5803ae747855210ab775698aa8db83665b5e5993518694bc0b313fb10af0daa6
bellgrim.se. 60 IN DS 38254 8 2 963dac9ec1e2ea82a74c79779029bd8647e735fe1acac1786744f39b60a71e31
