-
Type:
Bug
-
Status: Resolved
-
Priority:
Minor
-
Resolution: Fixed
-
Affects Version/s: 2.1.6
-
Fix Version/s: 2.1.7
-
Component/s: Enforcer NG
-
Labels:None
-
Environment:
OpenBSD 6.6-CURRENT
Hi everyone,
this a follow-up to SUPPORT-250. When using a CSK instead of KSK+ZSK I get wrong KeyTags. For example:
ods-enforcer key list -v
| Zone: | Keytype: | ... | KeyTag: |
|---|---|---|---|
| example.com | CSK | ... | 55408 |
ods-enforcer key export --zone example.com --ds
example.com. 36175 IN DS 55407 14 2 ...
ods-enforcer key export --zone example.com
example.com. 86400 IN DNSKEY 256 3 14 ...
In the zonefile I have the following record:
example.com. 86400 IN DNSKEY 257 3 14 ...
Note that ods-enforcer key ds-submit and ods-enforcer key ds-seen
can't find any keys when I use --keytag 55408.