[Opendnssec-user] Not enough keys to satisfy ksk policy for zone

Matthijs Mekking matthijs at NLnetLabs.nl
Mon Jun 28 06:50:16 UTC 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

This bug has been reported and it is in our internal project tracker.
We are working on a better integration between the bug report system and
our internal tracker.

The issue 'P2Y6M' I was not aware off. It seems like a the code does
document a known issue that it cannot handle mixed formats. I agree that
this is confusing and I'll add a ticket to our internal tracker for this.

Thanks for reporting!

Best regards,

Matthijs

On 06/26/2010 04:27 PM, Volker Janzen wrote:
> Hi Matthijs,
> 
>> Yes this is a bug. In the meantime, you can create some more keys
>> manually with:
>> # ods-ksmutil key generate --policy <name> --interval <duration>
>> That should work.
> 
> this worked. Has the bug been reported before? I didn't find it in trac.
> 
> I found another issue in the man page. It shows "P2Y6M" as example for
> the duration. Using this returns:
> 
> epun:~# ods-ksmutil key generate --policy default --interval P2Y6M
> SQLite database set to: /var/lib/opendnssec/db/kasp.db
> Key sharing is Off
> Error: unable to convert Interval P2Y6M to seconds, error: unable to
> translate string.
> 
> Why does this not work? Found it a bit confusing when using an example
> from man page, which is not working.
> 
> 
> Best regards,
> 	Volker Janzen
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJMKEYnAAoJEA8yVCPsQCW5Q1kH+gK0uh7BHrGZDNwB1bx+TXN7
4s3Ba0FLgrWdpXsbmR/rVUe3/oLMdY45ejsh3b2ueOAS9RPBUetJ+bnpTxdsZmEN
sa+sOmx2xhcYFVTWjK5ir6L/IJDdEvu1G/gAc9V5jM/i/W8q++qx8TAW59wLtxI6
o6ZTHDlrcd+/1moreGiLv7z9Gpv64Cl0WtW22IyFx4of5I+q7MwIRzLY1fRIZke9
hMnlGDvfZ2eWuIGePT4HMeuwdos0xmzc7iDRHWUxR5/aYdz+pIadMVdVEXvizwpo
Hr7PcgBGhckWarqfgXqFBhSnX7VEtQVDQ3zoP1D6lByBXEfxeYI9uvYfJuMnN94=
=pTyt
-----END PGP SIGNATURE-----



More information about the Opendnssec-user mailing list