[Opendnssec-user] Not enough keys to satisfy ksk policy for zone
Volker Janzen
voja at voja.de
Fri Jun 25 19:29:13 UTC 2010
Hi all,
now I've OpenDNSSEC up and running with a Bind using views to serve zones.
I added 4 zones to Bind. Three of them are already signed. The forth will
not sign because of this error message:
ods-enforcerd: Not enough keys to satisfy ksk policy for zone: <domain>
The docs say for this error message:
> One of these messages will be seen if the enforcer does not have enough
> unallocated keys to provide for the zone specified. If the
> ManualKeyGeneration tag is set in conf.xml then you will need to create
> new keys usingods-ksmutil key generate, otherwise new keys will be
> created when the enforcer runs next. (Don’t forget to backup any new
> keys.)
ManualKeyGeneration is diabled in conf.xml:
<!-- <ManualKeyGeneration/> -->
Logfile says
ods-enforcerd: ods-enforcerd will create some more keys on its next run
but it does not after some hours. This error message is repeated again and
again.
I'm using a SoftHSM. Has anybody an idea what I need to do for getting
automated as much keys as needed?
Best regards,
Volker Janzen
More information about the Opendnssec-user
mailing list