[Opendnssec-develop] Re: [OpenDNSSEC] #71: Auditor blocks domain signing entirely

Rick van Rein rick at openfortress.nl
Wed Jan 6 13:48:45 CET 2010


>  Works for me:
>  I let one zone constantly fail, the others end up in the signed directory

Are you talking about freshly added domains, or previously existing ones?

I'm trying to think what was different in my case.  Could the following
perhaps be an explanation?

I may have been adding more domains than I had keys ready.  (Not sure how
that works exactly, we only have howto documentation online.)

A zone was signed with the last keys available.  It had a problem and so
failed to pass through to the signed state.

The lack of further keys blocked the additional domains until more keys
were made available.

If that sort of thing can happen, it's an understandable explanation
to me.  Otherwise, I might try adding yet another bunch of domains, with
a "IN CNAME @" record in the first.


More information about the Opendnssec-develop mailing list