SQLite database set to: /var/opendnssec/kasp.db
Keys:
Zone:   Keytype:  State:   Date of next transition (to):  Size:  Algorithm:  CKA_ID:                           Repository:  Keytag:
<snip>  KSK       ready    waiting for ds-seen (active)   2048   8           4e73113d40c313a459d91ba0efe4b7c7  AEP          58156
<snip>  ZSK       retire   2012-11-13 05:47:10 (dead)     1024   8           8b28e3a000a937d4c4e4e33774e35c3a  AEP          19855
<snip>  ZSK       active   2012-12-05 16:47:10 (retire)   1024   8           07b751af4606264c62767c6894f41e3f  AEP          7645

Yesterday the ZSK rollover occurred. 19855 moved to "retire", "7645" was selected as the next key and made "active".

ODS hasn't used the new "7645" key yet.  It's been 14 hours, 14 signings.

I nuked the old signed zone thinking that perhaps it was re-using old signatures and hadn't required signing with the new key yet, but that's had no effect.

So...when exactly is ODS supposed to start mentioning the "active" key in the zone?

-jake

_______________________________________________
Opendnssec-user mailing list
Opendnssec-user@lists.opendnssec.org
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
