I request manual reviews for unsigned and signed zones.
The first time, it works fine, but when I modify the zone file and cascade zone reload, while the log of the daemon shows, as expected:
Oct 27 10:38:16 js user.info js cascaded[12744]: [ZL]: Received a new copy of zone 'example.org' at serial 2025102703
Oct 27 10:38:16 js user.debug js cascaded[12744]: [CC]: Event received: UnsignedZoneUpdatedEvent { zone_name: Name(example.org.), zone_serial: Serial(2025102703) }
Oct 27 10:38:16 js user.info js cascaded[12744]: [CC]: Instructing review server to publish the unsigned zone
Oct 27 10:38:16 js user.debug js cascaded[12744]: Forwarding application command to unit 'RS'
Oct 27 10:38:16 js user.debug js cascaded[12744]: [RS] Received command: SeekApprovalForUnsignedZone { zone_name: Name(example.org.), zone_serial: Serial(2025102703) }
Oct 27 10:38:16 js user.info js cascaded[12744]: [RS]: Seeking approval for unsigned zone 'example.org' at serial 2025102703.
Oct 27 10:38:16 js user.info js cascaded[12744]: [RS] No review hook set; waiting for manual review
Oct 27 10:38:16 js user.info js cascaded[12744]: [RS]: Approve with command: cascade zone approve --unsigned example.org 2025102703
Oct 27 10:38:16 js user.info js cascaded[12744]: [RS]: Reject with command: cascade zone reject --unsigned example.org 2025102703
The output of cascade zone status does not change and does not display the fact that someone has to approve the zone:
Status report for zone 'example.org' using policy 'default'
✔ Waited for a new version of the example.org zone
✔ Loaded version 2025102703
Loaded at 2025-10-27T10:38:16+00:00 (5m 40s ago)
Loaded 266 B and 5 records from the filesystem in 0 seconds
✔ Waited for approval to sign version 2025102703
✔ Approval received to sign version 2025102703, signing requested
✔ Signed version 2025102703 as version 2025102707
Signing requested at 2025-10-27T10:37:33+00:00 (6m 22s ago)
Signing started at 2025-10-27T10:37:33+00:00 (6m 22s ago)
Signing finished at 2025-10-27T10:37:33+00:00 (6m 22s ago)
Collected 5 records in 0s, sorted in 0s
Generated 4 NSEC(3) records in 0s
Generated 5 signatures in 0s (5 sig/s)
Inserted signatures in 0s (5 sig/s)
Took 0s in total, using 1 threads
Current action: Finished
✔ Waited for approval to publish version 2025102707
✔ Published version 2025102707
Published zone available on 127.0.0.1:4543
DNSSEC keys:
ZSK tagged 7766:
Reference: file:///var/lib/cascade/keys/Kexample.org.+013+07766.key
Actively used for signing
KSK tagged 9032:
Reference: file:///var/lib/cascade/keys/Kexample.org.+013+09032.key
Actively used for signing
Details:
key file:///var/lib/cascade/keys/Kexample.org.+013+07766.key expires at 2025-11-26T08:47:38Z
key file:///var/lib/cascade/keys/Kexample.org.+013+09032.key expires at 2026-10-27T08:47:38Z
Restarting the daemon solves the problem:
✔ Waited for a new version of the example.org zone
✔ Loaded version 2025102703
Loaded at 2025-10-27T10:44:38+00:00 (6s ago)
Loaded 266 B and 5 records from the filesystem in 0 seconds
• Waiting for approval to sign version 2025102703
! Zone will be held until manually approved
Approve with: cascade zone approve --unsigned example.org 2025102703
Reject with: cascade zone reject --unsigned example.org 2025102703
DNSSEC keys:
KSK tagged 9032:
Reference: file:///var/lib/cascade/keys/Kexample.org.+013+09032.key
Actively used for signing
ZSK tagged 7766:
Reference: file:///var/lib/cascade/keys/Kexample.org.+013+07766.key
Actively used for signing
Details:
key file:///var/lib/cascade/keys/Kexample.org.+013+09032.key expires at 2026-10-27T08:47:38Z
key file:///var/lib/cascade/keys/Kexample.org.+013+07766.key expires at 2025-11-26T08:47:38Z
I request manual reviews for unsigned and signed zones.
The first time, it works fine, but when I modify the zone file and
cascade zone reload, while the log of the daemon shows, as expected:The output of
cascade zone statusdoes not change and does not display the fact that someone has to approve the zone:Restarting the daemon solves the problem: