[Opendnssec-develop] Transient HSM problem handling

Rick van Rein rick at openfortress.nl
Wed Sep 21 10:11:31 UTC 2011

Hi Rickard,

> Then again, we did not have this option set (if that
> would fix it???):
> sudo ./vtl haAdmin -autoRecovery -retry 250

This would fix the one-sided *creation* of keys, but if
deletion would occur only on one node, this would copy
the key back again.  This is not a desirable solution,
certainly not on LUNA 4 with its limited #licenses.

The real problem appears to be somewhere in the network
handling, as we mostly see it arise for the long-distance
connection between a signer in one location and the HSM
in the other.


More information about the Opendnssec-develop mailing list