[Opendnssec-user] Problem signing a zone

Casper Gielen c.gielen at uvt.nl
Mon Jun 20 15:30:07 UTC 2011

Op 20-06-11 16:29, Matthijs Mekking schreef:
> Ok, that explains why the signer is complaining about the configuration :).
> Looking again at your previous mail, I see:
> Jun 20 13:02:37 ramanujan ods-enforcerd: Not enough keys to satisfy ksk
> policy for zone: 4.x.x.x.x.x.x.x.
> Jun 20 13:02:37 ramanujan ods-enforcerd: ods-enforcerd will create some
> more keys on its next run
> Jun 20 13:02:37 ramanujan ods-enforcerd: Error allocating ksks to zone
> 4.x.x.x.x.x.x.x.
> Do you perhaps use shared keys?
> There was a known issue regarding shared keys and adding zones, but it
> should have been fixed in version 1.2.x (I see you are using the latest
> version).

Ho, I don't use shared keys, every zone uses its own keys

> A quick solution that should work would be to generate more keys manually:
>> ods-ksmutil key generate --policy default --interval P1Y

Unfortunately this does not solve the problem. If you are interested I
will send the configs to you by private mail. Thanks for looking into this.

Casper Gielen <cgielen at uvt.nl> | LIS UNIX
PGP fingerprint = 16BD 2C9F 8156 C242 F981  63B8 2214 083C F80E 4AF7

Universiteit van Tilburg | Postbus 90153, 5000 LE
Warandelaan 2 | Telefoon 013 466 4100 | G 236 | http://www.uvt.nl

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20110620/1feaa306/attachment.bin>

More information about the Opendnssec-user mailing list