[Opendnssec-user] ksk rollover problem
Mathieu Arnold
mat at mat.cc
Fri Jun 10 08:12:34 UTC 2011
+--On 10 juin 2011 08:39:32 +0100 Siôn Lloyd <sion at nominet.org.uk> wrote:
|
|> I found out that the signer had a, "update" command, so, I tried another
|> zone, and after the enforcer generated the new signconf, I did :
|> ods-signer update ZONE
|>
|> That kicked the signer and it picked up the new key.
|>
|> I don't really understand why the enforcer doesn't kick the signer as I
|> guess it should.
| LOG_ERR, "Could not call signer engine"
| LOG_INFO, "Will continue: call 'ods-signer update' to manually update
| zones"
|
| Do you know if anything like this was logged at the time that the
| enforcer ran?
I've checked the logs, and no, it never said that. It's buggering me
because the ZSK rollovers do happen just fine.
Maybe the codepath is a bit different when it's a manual KSK rollover of a
zone with a normally automatic one ?
--
Mathieu Arnold
More information about the Opendnssec-user
mailing list