[Opendnssec-user] Re: Not enough keys to satisfy ksk policy for zone
Sion Lloyd
sion at nominet.org.uk
Mon Jul 5 14:00:30 UTC 2010
On Friday 02 Jul 2010 7:33:39 pm Duane Wessels wrote:
> I'm experiencing the same problem (bug, I guess) that Volker Janzen
> mentioned a couple weeks ago. I manually added some keys as
> suggested by Matthijs, yet the problem persists:
>
> signer# ods-hsmutil list
> Listing keys in all repositories.
> 98 keys found.
>
> Repository ID Type
> ---------- -- ----
> SoftHSM 94d8e9c1791607a04b5178311298564b RSA/2048
> SoftHSM ebf9d895791702b318f12d400cf8c6c9 RSA/2048
> ...
> SoftHSM ddd4e1099bfc096dd7fd0698144fae93 RSA/2048
> SoftHSM 5d4dc4f3f67801a8d54a12c3367726dc RSA/2048
> SoftHSM 0ea18a5acbb6b1afbccca8d127e31e9f RSA/1024
> SoftHSM 89b73ec24a630648214bc5746fae858d RSA/1024
> SoftHSM 9c1cf5f9bd7f23a398919a6e78e489b9 RSA/1024
> ...
>
>
> Jul 2 18:28:44 signer ods-enforcerd: Zone fourth.tld found.
> Jul 2 18:28:44 signer ods-enforcerd: Policy for fourth.tld set to default.
> Jul 2 18:28:44 signer ods-enforcerd: Config will be output to
> /usr/local/var/opendnssec/signconf/fourth.tld.xml. Jul 2 18:28:44 signer
> ods-enforcerd: Not enough keys to satisfy ksk policy for zone: fourth.tld
> Jul 2 18:28:44 signer ods-enforcerd: ods-enforcerd will create some more
> keys on its next run Jul 2 18:28:44 signer ods-enforcerd: Error
> allocating ksks to zone fourth.tld Jul 2 18:28:44 signer ods-enforcerd:
> Disconnecting from Database... Jul 2 18:28:44 signer ods-enforcerd:
> Sleeping for 300 seconds.
>
> I must have missed something...?
I am working on this issue, I'll let the list know when it is fixed.
I have not seen a case where there are many unused keys before though, so can
you send me (off-list) a copy of your kasp.db so that I can see what is going
on?
Cheers,
Sion
More information about the Opendnssec-user
mailing list