[Opendnssec-user] Not enough keys to satisfy ksk policy for zone
Volker Janzen
voja at voja.de
Sat Jun 26 14:27:52 UTC 2010
Hi Matthijs,
> Yes this is a bug. In the meantime, you can create some more keys
> manually with:
> # ods-ksmutil key generate --policy <name> --interval <duration>
> That should work.
this worked. Has the bug been reported before? I didn't find it in trac.
I found another issue in the man page. It shows "P2Y6M" as example for
the duration. Using this returns:
epun:~# ods-ksmutil key generate --policy default --interval P2Y6M
SQLite database set to: /var/lib/opendnssec/db/kasp.db
Key sharing is Off
Error: unable to convert Interval P2Y6M to seconds, error: unable to
translate string.
Why does this not work? Found it a bit confusing when using an example
from man page, which is not working.
Best regards,
Volker Janzen
More information about the Opendnssec-user
mailing list