[Opendnssec-user] Added new zones to OpenDNSSEC

Volker Janzen voja at voja.de
Fri Jul 2 09:27:19 UTC 2010

Hi all,

when I add a new zone to my DNS server, I'm always a bit confused about
the correct workflow. In the docs under "Adding/Removing zones" I just
find a call of "ods-ksmutil zone add --zone example.com". This call works
fine and adds the configuration. But the zone is not signed within

By private mail contact with Matthijs I found out that I should send a HUP
signal to the enforcer. I think is cannot be everything needs to be done.
Doing this the unsigned zone file is not found, because zone fetcher
hasn't got it yet.

I'm running a bind with an internal view for OpenDNSSEC with unsigned zone
data and an external view with signed zone for the rest of the world.

When I add a new unsigned zone to bind, what needs to be done to get a
signed zone back to bind?

Should I first call "ods-ksmutil zone add --zone example.com", then
restart all of OpenDNSSEC software and finally reload bind to send AXFR to
OpenDNSSEC or do I have to perform these steps in a different order? After
restarting everything and changing SOA again in bind and reload everything
works, but I don't know how to optimize (or script) this procedure.

Best regards,
   Volker Janzen

More information about the Opendnssec-user mailing list