In manual mode, modifying the next signing time of ZSK is invalid
The knot.conf:
...
database:
    storage: /opt/tiger/data/ti/run/knot
    kasp-db: keys
log:
  - target: /opt/tiger/data/ti/run/knot/log/knot.log
    server: debug
    control: debug
    zone: debug
    any: debug
policy:
  - id: manual_policy
    manual: on
template:
  - id: unsign
    dnssec-signing: on
    dnssec-policy: manual_policy
...
The zone.conf:
...
zone:
  - domain: zjcdn.com.
    storage: /opt/tiger/data/ti/etc/knot/zjcdn.com.7287/
    file: zjcdn.com..zone
    template: unsign
Generate ZSK:
./keymgr zjcdn.com. generate algorithm=13 zsk=yes retire=+10mo -d /opt/tiger/data/ti/run/knot/keys
18635cb5673c906ba267e490927a1a2620edd881
Reload, and the result:
2023-12-03T15:45:38+0800 info [zjcdn.com.] DNSSEC, key, tag 1419, algorithm ECDSAP256SHA256, KSK, public, active
2023-12-03T15:45:38+0800 info [zjcdn.com.] DNSSEC, key, tag 30526, algorithm ECDSAP256SHA256, public, active
2023-12-03T15:45:38+0800 info [zjcdn.com.] DNSSEC, signing started
2023-12-03T15:45:38+0800 info [zjcdn.com.] DNSSEC, successfully signed
2023-12-03T15:45:38+0800 info [zjcdn.com.] DNSSEC, next signing at 2023-12-10T15:45:38+0800
2023-12-03T15:45:38+0800 info [zjcdn.com.] zone file updated, serial 2023032002 -> 2023032003
It seems that the retry time I set is invalid, so I used the following method again:
./keymgr zjcdn.com. set 18635cb5673c906ba267e490927a1a2620edd881 retire=+2mo remove=+3mo -d /opt/tiger/data/ti/run/knot/keys
OK
Reload, and the result:
2023-12-03T15:49:19+0800 info [zjcdn.com.] DNSSEC, signing zone
2023-12-03T15:49:19+0800 info [zjcdn.com.] DNSSEC, key, tag 1419, algorithm ECDSAP256SHA256, KSK, public, active
2023-12-03T15:49:19+0800 info [zjcdn.com.] DNSSEC, key, tag 30526, algorithm ECDSAP256SHA256, public, active
2023-12-03T15:49:19+0800 info [zjcdn.com.] DNSSEC, signing started
2023-12-03T15:49:19+0800 info [zjcdn.com.] DNSSEC, zone is up-to-date
2023-12-03T15:49:19+0800 info [zjcdn.com.] DNSSEC, next signing at 2023-12-10T15:45:38+0800
Where is the problem with the above method? I just want to change the time for the next signing.