[Opendnssec-user] Not enough keys to satisfy ksk policy for zone

Volker Janzen voja at voja.de
Sat Jun 26 14:27:52 UTC 2010

Hi Matthijs,

> Yes this is a bug. In the meantime, you can create some more keys
> manually with:
> # ods-ksmutil key generate --policy <name> --interval <duration>
> That should work.

this worked. Has the bug been reported before? I didn't find it in trac.

I found another issue in the man page. It shows "P2Y6M" as example for
the duration. Using this returns:

epun:~# ods-ksmutil key generate --policy default --interval P2Y6M
SQLite database set to: /var/lib/opendnssec/db/kasp.db
Key sharing is Off
Error: unable to convert Interval P2Y6M to seconds, error: unable to
translate string.

Why does this not work? Found it a bit confusing when using an example
from man page, which is not working.

Best regards,
	Volker Janzen

More information about the Opendnssec-user mailing list