[Opendnssec-user] possible error in error message of ods-signerd
Paul Wouters
paul at nohats.ca
Tue Jul 17 15:08:25 UTC 2012
On Tue, 17 Jul 2012, Matthijs Mekking wrote:
>> It's somewhat misleading, as I think all RRSIG generation failed,
>> and the message 81 out of 1910549 failed wrongly suggests some
>> RRSIGs were correctly generated.
>
> I guess 81 signatures could be reused and no HSM interaction was
> required.
You're missing the point. The zone never has or needs more then 81
signatures because it is signed with opt-in. We don't need 2M RRSIGs.
Paul
More information about the Opendnssec-user
mailing list