[Opendnssec-user] Adding a new zone

Siôn Lloyd sion at nominet.org.uk
Wed Mar 16 08:27:30 UTC 2011


On Tuesday 15 Mar 2011 8:10:57 pm Sebastian Castro wrote:
> On 03/16/2011 05:18 AM, Carlos M. Martinez wrote:
> > Hello all,
> 
> Hi Carlos,
> 
> > This is probably a (very) noob question, but, I need to get it out of my
> > mind:
> > 
> > - When adding a zone, the auditor complains about not finding an XML
> > config file for the zone signing. If I use ods-signer to try to sign the
> > zone, I get a message stating that the zone is not yet being signed
> > 
> > - Around one hour later, the zone is effectively signed with a brand new
> > key
> > 
> > The question is: which process controls the generation of this XML file
> > and how can I force it to run earlier and not wait this period of time?
> 
> It's the enforcer which creates the signconf file, so probably you have
> it running each hour. What version of OpenDNSSEC are you running?
> 
> Based on the information compiled by Patrik Wallstrom here
> (http://www.opendnssec.org/2011/02/17/running-opendnssec-with-50000-zones/)
> if you want to activate a zone for signing immediately, you can call the
> enforcerd manually like
> 
> ods-enforcerd -1
> 
> to have the signconf file created and the keys set for the zone.

Or you can send a SIGHUP to the ods-enforcerd process that is running to wake 
it up.

Sion


