Hi,
I have some problems with one of my domains.
Yesterday there was of the ZSK of the domain. But somehow it failed.
Part of the zone was signed with the old retired key and parts with the
new key.
I tried to fix it be removing the old key from the database and it
worked. The zone war signed all right and the domain was once again
accessible from the internet.
I'm going to vacation later this week and didn't want to have this issue
dangling. So I initiated another ZSK rollover. This was performed today
and again its didn't work as expected.
ods-enforcer key list
Keys:
Zone: Keytype: State: Date of next transition:
augusta.de KSK active 2022-09-11 09:35:35
augusta.de ZSK retire 2022-09-11 09:35:35
augusta.de ZSK ready 2022-09-11 09:35:35
ods-enforcer rollover list
Keys:
Zone: Keytype: Rollover expected:
augusta.de KSK 2026-08-19 09:34:59
augusta.de ZSK 2022-11-26 16:35:35
augusta.de ZSK 2022-11-26 16:35:35
the zone is still signed with the retried key.
any idea how I can fix this issue.
There are more the 10 other domains that didn't have the issue.
Regard
Gerhard
P.S. I'm using opendnssec version 2.1.3 I know it's not the actual
version but can't update right now. This installation has worked for at
least 4 years without any problems.
_______________________________________________
Opendnssec-user mailing list
Opendnssec-user@lists.opendnssec.org
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
