[Opendnssec-user] Problem signing a zone
c.gielen at uvt.nl
Mon Jun 20 15:30:07 UTC 2011
On 20-06-11 16:29, Matthijs Mekking wrote:
> Ok, that explains why the signer is complaining about the configuration :).
> Looking again at your previous mail, I see:
> Jun 20 13:02:37 ramanujan ods-enforcerd: Not enough keys to satisfy ksk
> policy for zone: 4.x.x.x.x.x.x.x.0.1.0.0.2.ip6.arpa
> Jun 20 13:02:37 ramanujan ods-enforcerd: ods-enforcerd will create some
> more keys on its next run
> Jun 20 13:02:37 ramanujan ods-enforcerd: Error allocating ksks to zone
> Do you perhaps use shared keys?
> There was a known issue regarding shared keys and adding zones, but it
> should have been fixed in version 1.2.x (I see you are using the latest
No, I don't use shared keys; every zone uses its own keys.
> A quick solution that should work would be to generate more keys manually:
>> ods-ksmutil key generate --policy default --interval P1Y
Unfortunately this does not solve the problem. If you are interested I
will send the configs to you by private mail. Thanks for looking into this.
Casper Gielen <cgielen at uvt.nl> | LIS UNIX
PGP fingerprint = 16BD 2C9F 8156 C242 F981 63B8 2214 083C F80E 4AF7
Universiteit van Tilburg | Postbus 90153, 5000 LE
Warandelaan 2 | Telefoon 013 466 4100 | G 236 | http://www.uvt.nl