[Opendnssec-user] Adding a new zone
Siôn Lloyd
sion at nominet.org.uk
Wed Mar 16 08:27:30 UTC 2011
On Tuesday 15 Mar 2011 8:10:57 pm Sebastian Castro wrote:
> On 03/16/2011 05:18 AM, Carlos M. Martinez wrote:
> > Hello all,
>
> Hi Carlos,
>
> > This is probably a (very) noob question, but, I need to get it out of my
> > mind:
> >
> > - When adding a zone, the auditor complains about not finding an XML
> > config file for the zone signing. If I use ods-signer to try to sign the
> > zone, I get a message stating that the zone is not yet being signed
> >
> > - Around one hour later, the zone is effectively signed with a brand new
> > key
> >
> > The question is: which process controls the generation of this XML file
> > and how can I force it to run earlier and not wait this period of time?
>
> It's the enforcer which creates the signconf file, so probably you have
> it running each hour. What version of openDNSSEC are you running?
>
> Based on the information compiled by Patrik Wallstrom here
> (http://www.opendnssec.org/2011/02/17/running-opendnssec-with-50000-zones/)
> if you want to activate a zone for signing immediately, you can call the
> enforcerd manually like
>
> ods-enforcerd -1
>
> to have the signconf file created and the keys set for the zone.
Or you can send a SIGHUP to the ods-enforcerd process that is running to wake
it up.
Sion
More information about the Opendnssec-user
mailing list