set_addkeytime "KEY1" "RETIRED" "${active}" 15552000
retired=$(key_get KEY1 RETIRED)
rndc_rollover "$SERVER" "$DIR" $(key_get KEY1 ID) "${retired}" "$ZONE"
-# Rollover starts in six months, but lifetime is set to six months plus
-# prepublication duration = 15552000 + 7500 = 15559500 seconds.
-set_keylifetime "KEY1" "15559500"
set_addkeytime "KEY1" "RETIRED" "${active}" 15559500
retired=$(key_get KEY1 RETIRED)
# Retire interval of this policy is 26h (93600 seconds).
# Schedule KSK rollover now.
set_policy "manual-rollover" "3" "3600"
set_keystate "KEY1" "GOAL" "hidden"
-# This key was activated one day ago, so lifetime is set to 1d plus
-# prepublication duration (7500 seconds) = 93900 seconds.
-set_keylifetime "KEY1" "93900"
created=$(key_get KEY1 CREATED)
set_keytime "KEY1" "RETIRED" "${created}"
rndc_rollover "$SERVER" "$DIR" $(key_get KEY1 ID) "${created}" "$ZONE"
# Schedule ZSK rollover now.
set_policy "manual-rollover" "4" "3600"
set_keystate "KEY2" "GOAL" "hidden"
-# This key was activated one day ago, so lifetime is set to 1d plus
-# prepublication duration (7500 seconds) = 93900 seconds.
-set_keylifetime "KEY2" "93900"
created=$(key_get KEY2 CREATED)
set_keytime "KEY2" "RETIRED" "${created}"
rndc_rollover "$SERVER" "$DIR" $(key_get KEY2 ID) "${created}" "$ZONE"
check_subdomain
dnssec_verify
# Roll over KEY2.
-# Set expected key lifetime, which is DNSKEY TTL plus the zone propagation delay,
-# plus the publish-safety: 7200s + 1h + 1d = 97200 seconds.
-set_keylifetime "KEY2" "97200"
created=$(key_get KEY2 CREATED)
rndc_rollover "$SERVER" "$DIR" $(key_get KEY2 ID) "${created}" "$ZONE"
# Update expected number of keys and key states.
}
} else {
isc_stdtime_t retire_time = 0;
- uint32_t lifetime = 0;
- (void)dst_key_getnum(key, DST_NUM_LIFETIME, &lifetime);
ret = dst_key_gettime(key, retire, &retire_time);
if (ret == ISC_R_SUCCESS) {
if (now < retire_time) {
" Next rollover "
"scheduled on ");
retire_time = keymgr_prepublication_time(
- dkey, kasp, lifetime, now);
+ dkey, kasp,
+ (retire_time - active_time),
+ now);
} else {
isc_buffer_printf(
buf, " Key will retire on ");
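Review bot: The lifetime now passed to `keymgr_prepublication_time()` is `(retire_time - active_time)`, and the only guard visible in this hunk is `now < retire_time`; nothing here establishes that `active_time` is set and not later than `retire_time`. `isc_stdtime_t` is an unsigned type in the BIND versions I know (confirm for this branch), so a key file whose Active time is missing or later than its Retired time would make the subtraction wrap or span from zero, and the "Next rollover scheduled on" time would be computed from a bogus lifetime. `active_time` is assigned outside this hunk, so the enclosing branch may already guarantee the ordering. If it does, a one-line comment such as `/* active_time was read successfully above and precedes retire_time */` would document it. If it does not, compute the value under a check like `active_time != 0 && active_time <= retire_time` and skip the prepublication adjustment otherwise. The operator-facing status should not report a rollover date derived from inconsistent key metadata.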
retire = when + prepub;
dst_key_settime(key->key, DST_TIME_INACTIVE, retire);
- dst_key_setnum(key->key, DST_NUM_LIFETIME, (retire - active));
/* Store key state and update hints. */
isc_dir_init(&dir);