[Opendnssec-user] Problem signing a zone
Casper Gielen
c.gielen at uvt.nl
Mon Jun 20 15:30:07 UTC 2011
Op 20-06-11 16:29, Matthijs Mekking schreef:
> Ok, that explains why the signer is complaining about the configuration :).
>
> Looking again at your previous mail, I see:
>
> Jun 20 13:02:37 ramanujan ods-enforcerd: Not enough keys to satisfy ksk
> policy for zone: 4.x.x.x.x.x.x.x.0.1.0.0.2.ip6.arpa
> Jun 20 13:02:37 ramanujan ods-enforcerd: ods-enforcerd will create some
> more keys on its next run
> Jun 20 13:02:37 ramanujan ods-enforcerd: Error allocating ksks to zone
> 4.x.x.x.x.x.x.x.0.1.0.0.2.ip6.arpa
>
> Do you perhaps use shared keys?
> There was a known issue regarding shared keys and adding zones, but it
> should have been fixed in version 1.2.x (I see you are using the latest
> version).
Ho, I don't use shared keys, every zone uses its own keys
>
> A quick solution that should work would be to generate more keys manually:
>
>> ods-ksmutil key generate --policy default --interval P1Y
Unfortunately this does not solve the problem. If you are interested I
will send the configs to you by private mail. Thanks for looking into this.
--
Casper Gielen <cgielen at uvt.nl> | LIS UNIX
PGP fingerprint = 16BD 2C9F 8156 C242 F981 63B8 2214 083C F80E 4AF7
Universiteit van Tilburg | Postbus 90153, 5000 LE
Warandelaan 2 | Telefoon 013 466 4100 | G 236 | http://www.uvt.nl
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20110620/1feaa306/attachment.bin>
More information about the Opendnssec-user
mailing list