[Opendnssec-develop] Transient HSM problem handling
Rick van Rein
rick at openfortress.nl
Wed Sep 21 10:11:31 UTC 2011
> Then again, we did not have this option set (if that
> would fix it???):
> sudo ./vtl haAdmin -autoRecovery -retry 250
This would fix the one-sided *creation* of keys, but if
deletion would occur only on one node, this would copy
the key back again. This is not a desirable solution,
certainly not on LUNA 4 with its limited #licenses.
The real problem appears to be somewhere in the network
handling, as we mostly see it arise for the long-distance
connection between a signer in one location and the HSM
in the other.
More information about the Opendnssec-develop