  1. Support
  2. SUPPORT-257

Why does the enforcer only show a "mixed" state for the CSK?

    Details

    • Type: Support
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: OpenDNSSEC 2.1
    • Fix Version/s: None
    • Component/s: Enforcer NG
    • Labels:
      None

      Description

      The key state of a CSK is evaluated as both a KSK and a ZSK:

              case KEY_DATA_ROLE_CSK:
                  k = kskstate(key);
                  z = zskstate(key);
                  if (k != z) return statenames[KS_MIX];
                  return statenames[k];
      

      I'm not sure what state my newly created CSK is in (probably PUBLISH) but this is not helpful.

      If the KSK state on its own is not appropriate then maybe the key needs to be listed twice?

      This makes it very difficult to automate DS record checks because there's no easy way to find all the relevant keys.

            People

            Assignee:
            Unassigned
            Reporter:
            Simon Arlott