[Freeipa-users] DNSSEC active (?) ods-ksmutil
Günther J. Niederwimmer
gjn at gjn.priv.at
Fri May 13 11:14:32 UTC 2016
Hello,
I have activated now my domain with DNSSEC but I mean I have a Problem to set
it ACTIVE ?
I install and Test it from
https://www.freeipa.org/page/Howto/DNSSEC
but my output from
sudo -u ods SOFTHSM2_CONF=/etc/ipa/dnssec/softhsm2.conf ods-ksmutil key ds-
seen --zone example.com --keytag 40447
is
Cannot open destination file, will not make backup.
No keys in the READY state matched your parameters, please check the
parameters
when i say
sudo -u ods SOFTHSM2_CONF=/etc/ipa/dnssec/softhsm2.conf ods-ksmutil key list
--verbose
SQLite database set to: /var/opendnssec/kasp.db
Keys:
Zone: Keytype: State: Date of next
transition (to): Size: Algorithm: CKA_ID:
Repository: Keytag:
examle.com KSK publish 2016-05-14 00:16:00
(ready) 3072 8 6145b3b71c448dfc1130d0f9d2caac79 SoftHSM
40447
example.com ZSK active 2016-08-11 10:16:00
(retire) 2048 8 d7fe5c98d5f3f89aefb9e8dfb92ebcb1 SoftHSM
60630
The DS Record are published in the ".com" Domain
dig +rrcomments example.com DS
;; ANSWER SECTION:
example.com. 85610 IN DS 40447 8 1
4E04D91BF29E1941E00CC36B13BC3F50BBA5C913
example.com. 85610 IN DS 40447 8 2
92EE9E785D07C2BBCA83DFB1156D4D01052B441B8F3898734
Is this the correct status or have I to change anything ?
Have I to change the KSK status form publish to active or is this correct ?
Thanks for a answer
--
mit freundlichen Grüßen / best regards,
Günther J. Niederwimmer
More information about the Freeipa-users
mailing list