[Opendnssec-user] Stuck without ZSKs
Rick van Rein
rick at openfortress.nl
Tue Aug 24 10:18:19 UTC 2010
Hi,
In our test setup we use OpenDNSSEC 1.1.1 and/or 1.1.2-rc on SoftHSM.
In both versions, we are experiencing "Not enough keys to satisfy zsk
policy for zone" problems. This started at some point, probably when
the KASP Enforcer decided it wanted to cycle ZSKs.
I would have expected that keys are automatically generated to relieve
this problem, but that is not happening. Signalling that the keys
have been backed up (using either of the untouched "backup done" or
using our patched 2-phase commit) does not help.
In the past, I've overcome this by having keys generated with "key
generate", but this is not desirable in the normal course of action.
Has anyone seen this before, and where should I look to resolve it?
Thanks,
-Rick
More information about the Opendnssec-user
mailing list