Hello, I have activated now my domain with DNSSEC but I mean I have a Problem to set it ACTIVE ?
I install and Test it from https://www.freeipa.org/page/Howto/DNSSEC but my output from sudo -u ods SOFTHSM2_CONF=/etc/ipa/dnssec/softhsm2.conf ods-ksmutil key ds- seen --zone example.com --keytag 40447 is Cannot open destination file, will not make backup. No keys in the READY state matched your parameters, please check the parameters when i say sudo -u ods SOFTHSM2_CONF=/etc/ipa/dnssec/softhsm2.conf ods-ksmutil key list --verbose SQLite database set to: /var/opendnssec/kasp.db Keys: Zone: Keytype: State: Date of next transition (to): Size: Algorithm: CKA_ID: Repository: Keytag: examle.com KSK publish 2016-05-14 00:16:00 (ready) 3072 8 6145b3b71c448dfc1130d0f9d2caac79 SoftHSM 40447 example.com ZSK active 2016-08-11 10:16:00 (retire) 2048 8 d7fe5c98d5f3f89aefb9e8dfb92ebcb1 SoftHSM 60630 The DS Record are published in the ".com" Domain dig +rrcomments example.com DS ;; ANSWER SECTION: example.com. 85610 IN DS 40447 8 1 4E04D91BF29E1941E00CC36B13BC3F50BBA5C913 example.com. 85610 IN DS 40447 8 2 92EE9E785D07C2BBCA83DFB1156D4D01052B441B8F3898734 Is this the correct status or have I to change anything ? Have I to change the KSK status form publish to active or is this correct ? Thanks for a answer -- mit freundlichen Grüßen / best regards, Günther J. Niederwimmer -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
