Uploaded image for project: 'OpenDNSSEC'
  1. OpenDNSSEC
  2. OPENDNSSEC-272

Not rescheduling when key gets inserted

    XMLWordPrintable

    Details

    • Type: Story
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 1.4.0a2
    • Fix Version/s: 2.0.0
    • Component/s: Enforcer NG
    • Labels:
      None
    • Sprint:
      2.0.0a4

      Description

      My TTL is larger than the ZSK lifetime, so the Enforcer does not want to insert that key. It then schedules itself 4 months later (lifetime of KSK). I fixed the issue in the policy and updated the kasp. The ZSK is inserted when I enforce a run. It does not however reschedule for the coming ZSK events, which should happen before the KSK events.

      user@ubuntu:/var/opendnssec$ sudo ods-enforcer key list
      Database set to: /var/opendnssec/kasp.db
      Keys:
      Zone: Key role: DS: DNSKEY: RRSIGDNSKEY: RRSIG: Pub: Act: Id:
      bellgrim.se KSK hidden hidden hidden NA 0 0 6e1860875a7aaaabc4d7c605d84c1ab4
      key list completed in 0 seconds.
      user@ubuntu:/var/opendnssec$ sudo ods-enforcer queue

      I have 2 tasks scheduled.
      It is now Tue Jun 5 08:10:34 2012
      On Thu Sep 13 08:10:25 2012 I will [resalt] policies
      On Sun Oct 7 08:10:25 2012 I will [enforce] bellgrim.se
      user@ubuntu:/var/opendnssec$ sudo pico /etc/opendnssec/kasp.xml
      user@ubuntu:/var/opendnssec$ sudo ods-enforcer update kasp
      update kasp completed in 0 seconds.
      user@ubuntu:/var/opendnssec$ sudo ods-enforcer queue

      I have 2 tasks scheduled.
      It is now Tue Jun 5 08:12:01 2012
      On Thu Sep 13 08:10:25 2012 I will [resalt] policies
      On Sun Oct 7 08:10:25 2012 I will [enforce] bellgrim.se
      user@ubuntu:/var/opendnssec$ sudo ods-enforcer enforce
      Next update for zone bellgrim.se scheduled at Wed Jun 6 04:12:06 2012
      Scheduled signconf task.
      enforce completed in 0 seconds.
      user@ubuntu:/var/opendnssec$ sudo ods-enforcer key list
      Database set to: /var/opendnssec/kasp.db
      Keys:
      Zone: Key role: DS: DNSKEY: RRSIGDNSKEY: RRSIG: Pub: Act: Id:
      bellgrim.se KSK hidden hidden hidden NA 0 0 6e1860875a7aaaabc4d7c605d84c1ab4
      bellgrim.se ZSK NA hidden NA rumoured 0 1 e6a94b1bdfb1cf129d2bdf70659d656a
      key list completed in 0 seconds.
      user@ubuntu:/var/opendnssec$ sudo ods-enforcer queue

      I have 2 tasks scheduled.
      It is now Tue Jun 5 08:12:17 2012
      On Thu Sep 13 08:10:25 2012 I will [resalt] policies
      On Sun Oct 7 08:10:25 2012 I will [enforce] bellgrim.se

        Attachments

          Issue Links

          is duplicated by

          Improvement - An improvement or enhancement to an existing feature or task. OPENDNSSEC-199 No automatic tasks if the database is not created

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

            Activity

              People

              Assignee:
              yuri Yuri Schaeffer
              Reporter:
              rickard Rickard Bellgrim
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - 3 days
                  3d
                  Remaining:
                  Remaining Estimate - 3 days
                  3d
                  Logged:
                  Time Spent - Not Specified
                  Not Specified