[Opendnssec-user] opendnssec on Ubuntu 10.04 32bit
Bryton
bryton at tznic.or.tz
Fri Jul 1 10:02:38 UTC 2011
This is the error am getting I am trying to think about it through.
On 07/01/2011 12:29 PM, Rickard Bellgrim wrote:
> On Fri, Jul 1, 2011 at 11:17 AM, Bryton<bryton at tznic.or.tz> wrote:
>> Thanks Richard,
>>
>> Now this means that if I want to sign the zone before KSK is in ACTIVE state
>> it is not possible.and further to this What can I do to make the KSK to move
>> from Publish to Active as soon as possible?This is because After checking
>> the queue I have seen the bellow
>>
>> I have 1 tasks scheduled
>> It is now Fri Jul 1 12:13:51 2011
>> On Fri Jul 1 13:37:31 2011 I will sign zone tz
> The zone will be signed before the KSK is considered to be active. It
> is just that the DNSKEY+RRSIG must propagate before you can send up
> the DS to the parent zone.
>
> The Enforcer follows your policy where you have configured the timing
> parameters. It would not be wise to speed the process up uniless you
> can reflect the new timing parameters in your infrastructure.
>
> The Signer Engine will check if the signatures needs to be renewed
> every re-sign interval. If you have no signed zone in the location
> given by zonelist.xml, than check your syslog for further assistance.
> Did the Auditor complain in syslog?
>
> Try running "ods-signer sign tz" again and the check syslog. What does it say?
>
> // Rickard
--
Regards,
Bryton.
More information about the Opendnssec-user
mailing list