[Opendnssec-user] OpenDNSSEC running out of key ids
Simon Mittelberger
simon.mittelberger at united-domains.de
Wed Feb 9 10:52:29 UTC 2011
dear all,
we have opendnssec running with a lot of zones (currently 1500). ksk
lifetime is 48 hours and zsk liftime is 24 hours. so there are a lot of
rollovers going on (approx. 2250 rollovers a day).
we are getting the following error in our logs:
Feb 9 11:31:22 dnsec1 ods-enforcerd: SoftHSM: C_GenerateKeyPair: Key
pair generated
Feb 9 11:31:22 dnsec1 ods-enforcerd: Created key in repository SoftHSM0
Feb 9 11:31:22 dnsec1 ods-enforcerd: ERROR: error executing SQL -
Duplicate entry '32767' for key 'PRIMARY'
Feb 9 11:31:22 dnsec1 ods-enforcerd: Error creating key in Database
Feb 9 11:31:22 dnsec1 ods-enforcerd: Error creating key in Database
opendnssec keeps trying to create keys with that id but it fails. we
tried to restart opendnssec but now it throws this error message and
crashes.
is there an upper limit for 32767 keys in the system? (as 32767 looks
like the max value of an int)
all the best,
simon
More information about the Opendnssec-user
mailing list