[Opendnssec-user] possible error in error message of ods-signerd

Paul Wouters paul at nohats.ca
Tue Jul 17 15:08:25 UTC 2012


On Tue, 17 Jul 2012, Matthijs Mekking wrote:

>> It's somewhat misleading, as I think all RRSIG generation failed,
>> and the message 81 out of 1910549 failed wrongly suggests some
>> RRSIGs were correctly generated.
>
> I guess 81 signatures could be reused and no HSM interaction was
> required.

You're missing the point. The zone never has or needs more then 81
signatures because it is signed with opt-in. We don't need 2M RRSIGs.

Paul



More information about the Opendnssec-user mailing list