[Opendnssec-user] adding a zone, key processing fails

Sebastian Castro sebastian at nzrs.net.nz
Wed Dec 15 20:39:18 CET 2010


Tom Hendrikx wrote:
> On 13/12/10 12:57, Sion Lloyd wrote:
> 
> I wanted to migrate a signed zone to this new setup, and imported the
> keys that were already in use. The old keys had alg 7
> (RSASHA1-NSEC3-SHA1), but the policy to which I added the zone had alg 8
> (RSASHA256). After I noticed this error (upon signing), I removed the
> zone from ODS, and the keys from the HSM. I'm not really sure how I
> exactly did that (the logging has no useful data on that), but it seems
> that the keypair entries were not removed from kasp.db. This might just
> be a genuine case of PEBKAC :/
> 
> Only conclusion would be that it would be nice if more logging of
> "ods-ksmutil zone *" commands would be available, at least for commands
> that change data. Currently 'zone add/delete' do not log anything. Same
> goes for ods-hsmutil.
> 

We've been working internally with a version of ods-ksmutil that logs
the command executed. That helps us to track certain changes. If you or
any other OpenDNSSEC user thinks it's a useful feature, we could send the
patch to the developers.

cheers,



-- 
Sebastian Castro
DNS Specialist
.nz Registry Services (New Zealand Domain Name Registry Limited)
desk: +64 4 495 2337
mobile: +64 21 400535


