[Opendnssec-user] Duplicate keys

Siôn Lloyd sion at nominet.org.uk
Fri Oct 14 12:47:43 UTC 2011


On 13/10/11 11:00, Casper Gielen wrote:
>
> root at metagross:~# ods-enforcerd -1
> Oct 13 11:50:43 metagross ods-enforcerd: Zone hetnieuwemarketingdenken.nl found.
> Oct 13 11:50:43 metagross ods-enforcerd: Policy for hetnieuwemarketingdenken.nl set to default.
> Oct 13 11:50:43 metagross ods-enforcerd: Config will be output to /var/lib/opendnssec/signconf/hetnieuwemarketingdenken.nl.xml.
> Oct 13 11:50:43 metagross ods-enforcerd: Not enough keys to satisfy ksk policy for zone: hetnieuwemarketingdenken.nl
> Oct 13 11:50:43 metagross ods-enforcerd: ods-enforcerd will create some more keys on its next run
> Oct 13 11:50:43 metagross ods-enforcerd: Error allocating ksks to zone hetnieuwemarketingdenken.nl
>
>
>
>
> root at metagross:/var/lib/opendnssec/signconf# cat hetnieuwemarketingdenken.nl.xml
> <SignerConfiguration>
>          <Zone name="hetnieuwemarketingdenken.nl">
...

It looks like there are duplicate keys in the database... Could you send 
me (offlist is probably best) the results of this SQL command:

select * from dnsseckeys where zone_id = (select id from zones where name = 'hetnieuwemarketingdenken.nl');

The manual key generation will not work because it thinks that you want 
-3 months of keys... the command:

ods-ksmutil key generate --policy default --interval P3M

should work.

Cheers.
Sion



