[Opendnssec-user] "error creating RRSIG" because of retired and purged ZSK
Siôn Lloyd
sion at nominet.org.uk
Mon Oct 24 10:56:41 UTC 2011
On 24/10/11 11:46, Peter Olsson wrote:
> Hello!
>
> Today we got this error, never seen it before:
> Oct 24 09:55:27 ns1 ods-signerd: error creating RRSIG for rrset[15]
> Oct 24 09:55:27 ns1 ods-signerd: failed to sign RRset[15]
> Oct 24 09:55:27 ns1 ods-signerd: unable to sign zone data: failed to sign domain
> Oct 24 09:55:27 ns1 ods-signerd: task [sign zone xxx.se] failed
> Oct 24 09:56:26 ns1 ods-signerd: signature set has no RRSIG record: drop signatures for RRset[15]
> Oct 24 09:56:26 ns1 ods-signerd: error creating RRSIG for rrset[15]
> Oct 24 09:56:26 ns1 ods-signerd: failed to sign RRset[15]
> Oct 24 09:56:26 ns1 ods-signerd: unable to sign zone data: failed to sign domain
> Oct 24 09:56:26 ns1 ods-signerd: task [sign zone xxx.se] failed
...
>
> Here is xxx.se.sc:
> ;ODSSE1
> ;name: xxx.se
> ;filename: /usr/local/var/opendnssec/signconf/xxx.se.xml
> ;last_modified: 1315781548
>
If the date here is correct it indicates that the file has not been
updated since 11 September 2011 (22:52:28)...
Is there anything in the enforcer logs that might indicate why this is
the case?
Feel free to contact me off-list.
Cheers,
Sion
More information about the Opendnssec-user
mailing list