[Opendnssec-user] ksk rollover problem
sion at nominet.org.uk
Fri Jun 10 07:39:32 UTC 2011
> I found out that the signer had a, "update" command, so, I tried another
> zone, and after the enforcer generated the new signconf, I did :
> ods-signer update ZONE
> That kicked the signer and it picked up the new key.
> I don't really understand why the enforcer doesn't kick the signer as I
> guess it should.
The enforcer does try to update the signer whenever a signconf changes.
If for any reason that call fails it should log:
LOG_ERR, "Could not call signer engine"
LOG_INFO, "Will continue: call 'ods-signer update' to manually update zones"
(if this happens once during a run it will not try again to avoid
filling your logs).
Do you know if anything like this was logged at the time that the
More information about the Opendnssec-user