[Opendnssec-user] Adding a new zone

Sebastian Castro sebastian at nzrs.net.nz
Tue Mar 15 20:10:57 UTC 2011


On 03/16/2011 05:18 AM, Carlos M. Martinez wrote:
> Hello all,

Hi Carlos,

> 
> This is probably a (very) noob question, but, I need to get it out of my
> mind:
> 
> - When adding a zone, the auditor complains about not finding an XML
> config file for the zone signing. If I use ods-signer to try to sign the
> zone, I get a message stating that the zone is not yet being signed
> 
> - Around one hour later, the zone is effectively signed with a brand new key
> 
> The question is: which process controls the generation of this XML file
> and how can I force it to run earlier and not wait this period of time?

It's the enforcer which creates the signconf file, so probably you have
it running each hour. What version of openDNSSEC are you running?

Based on the information compiled by Patrik Wallstrom here
(http://www.opendnssec.org/2011/02/17/running-opendnssec-with-50000-zones/)
if you want to activate a zone for signing immediately, you can call the
enforcerd manually like

ods-enforcerd -1

to have the signconf file created and the keys set for the zone.


Cheers,

> 
> Warm regards
> 
> Carlos
> 
> 
> 
> 
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user


-- 
Sebastian Castro
DNS Specialist
.nz Registry Services (New Zealand Domain Name Registry Limited)
desk: +64 4 495 2337
mobile: +64 21 400535



More information about the Opendnssec-user mailing list