[Opendnssec-user] ksk rollover problem

Mathieu Arnold mat at mat.cc
Fri Jun 10 08:12:34 UTC 2011


+--On 10 juin 2011 08:39:32 +0100 Siôn Lloyd <sion at nominet.org.uk> wrote:
| 
|> I found out that the signer had a, "update" command, so, I tried another
|> zone, and after the enforcer generated the new signconf, I did :
|> ods-signer update ZONE
|> 
|> That kicked the signer and it picked up the new key.
|> 
|> I don't really understand why the enforcer doesn't kick the signer as I
|> guess it should.
| LOG_ERR, "Could not call signer engine"
| LOG_INFO, "Will continue: call 'ods-signer update' to manually update
| zones"
| 
| Do you know if anything like this was logged at the time that the
| enforcer ran?

I've checked the logs, and no, it never said that. It's buggering me
because the ZSK rollovers do happen just fine.

Maybe the codepath is a bit different when it's a manual KSK rollover of a
zone with a normally automatic one ?

-- 
Mathieu Arnold



More information about the Opendnssec-user mailing list