Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Indicate that a submitted DS record has appeared in the parent zone (this triggers the completion of a KSK rollover, or the provisioning of a standby KSK).

Options

Code Block
[--zone <zone>                            aka -z]
--keytag <keytag> | --cka_id <CKA_ID>    aka -x / -k
[--no-notify|-l]                         aka -xl
[---cka_id <CKA_ID>no-retire|-f]                         aka -k
[--no-retire]
f
  • Specifiying a zone will speed up the search of keys by narrowing the field but is not mandatory

...

  • cka_id can be used to resolve a keytag clash. 
  • By default the command will simultaneously move the current key into the retired state. If you wish to delay this step then add

...

  • the --no-retire flag

...

  •  and use

...

  • the ksk-retire

...

  •  command when needed.
  • (Available in 1.4.3) By default the command will notify the enforcer there has been a change so that the changes take full effect. If you wish to delay this step then add the --no-notify flag and use the ods-control enforcer notifycommand after all the ds-seen commands have been issued. 

Command: key ksk-retire

Code Block
ods-ksmutil key ksk-retire

...