[Opendnssec-user] deleting + adding zones causing outage
Matthijs Mekking
matthijs at nlnetlabs.nl
Tue Jun 5 08:56:05 UTC 2012
I see that the problem has resolved now. Meaning that the signer
configurations are probably not interesting anymore with respect to
finding out why the signer produced no signatures.
My thought was that during these actions, you might have ended up with
signer configurations with a key list that had no keys marked as active
(<KSK/>, <ZSK/>).
Best regards,
Matthijs
On Tue, 5 Jun 2012, Matthijs Mekking wrote:
> No, what I meant is what does the signer configuration file look like. So
> what are the contents of /var/opendnssec/signconf/nohats.ca.xml?
>
> You may want to send that off list.
>
> Best regards,
> Matthijs
>
> On Mon, 4 Jun 2012, Paul Wouters wrote:
>
>> On Mon, 4 Jun 2012, Matthijs Mekking wrote:
>>
>>> What does the signconf file for nohats.ca and the other zone look like?
>>
>> Attached the nohats.ca one. The zone is stock default, eg:
>>
>> <Zone name="nohats.ca">
>> <Policy>default</Policy>
>> <SignerConfiguration>/var/opendnssec/signconf/nohats.ca.xml</SignerConfiguration>
>> <Adapters>
>> <Input>
>> <File>/etc/nsd/nohats.ca</File>
>> </Input>
>> <Output>
>> <File>/var/opendnssec/signed/nohats.ca</File>
>> </Output>
>> </Adapters>
>> </Zone>
>>
>> The policy "default" is also stock.
>>
>> Paul
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
>
More information about the Opendnssec-user
mailing list