[Opendnssec-user] Cannot sign .FR, stops at fr.in.sorted

Rickard Bellgrim rickard.bellgrim at iis.se
Wed Oct 28 15:38:37 UTC 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> Trying to sign a copy of ".FR" (1.5 Mdomains, NSEC3, opt-out, two DS
> added), the auditor runs for a long time (see my other messages) then
> stops and I find no /var/opendnssec/signed/fr (I can sign smaller
> zones fine). In /var/opendnssec/tmp, I find only:

We have never tried to run the auditor on such a large zone. Not even with the .SE zone. The auditor checks everything from its requirements. A future version can be configured to perform a subset of these tests. But for now, you have to disable the auditor for a very large zone.

1.
Remove the audit tag from your policy in the kasp.xml

2.
Update the system
"ods-ksmutil update"

3.
Wait for the ods-enforcerd to generate a new configuration. It does that with the period specified in the conf.xml (<Enforcer><Interval>) Or if you want it to do it right away:
killall -HUP ods-enforcerd
(don’t forget the -HUP)

4.
Now will the signer have a new zone configuration to sign with.

// Rickard

-----BEGIN PGP SIGNATURE-----
Version: 9.8.3 (Build 4028)
Charset: utf-8

wsBVAwUBSuhlfOCjgaNTdVjaAQhgcAf+JufJ/DPU4evdN+j1LojYfx9vvDmaPj5O
Ex/c/tSfEXySJpHKWiYss7zaJo49JblHOlYAxmAv+ksjhml6A7pRHWH/JtY9flD3
X0DrTSDH/tJhIDlrtS5JgedM3QUJBf4r/c2rgXRIXLtoOTPA1106qmxfB+455wVY
KvU4Nt5E7dWTWRQnSlndDJKXjH1UH59iiSCysJP2n9wDaXDDUCR8p0C499Sz49EX
DnYEb8Ua4zJ+Q9Nt3xHnYz35/nOIGnJu7zgUcvdECDeerT46+FXjLCmiecoBPjJP
wpyxrLQ7lTQ7VLT+IWm7C3cDQrB52+AV/RIEfHETPIoGEZHU/Uk4dw==
=XYwd
-----END PGP SIGNATURE-----


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20091028/cdecdd2c/attachment.htm>


More information about the Opendnssec-user mailing list