[Opendnssec-user] deleting + adding zones causing outage

Matthijs Mekking matthijs at nlnetlabs.nl
Tue Jun 5 08:56:05 UTC 2012


I see that the problem has resolved now. Meaning that the signer 
configurations are probably not interesting anymore with respect to 
finding out why the signer produced no signatures.

My thought was that during these actions, you might have ended up with 
signer configurations with a key list that had no keys marked as active 
(<KSK/>, <ZSK/>).

Best regards,
   Matthijs


On Tue, 5 Jun 2012, Matthijs Mekking wrote:

> No, what I meant is what does the signer configuration file look like. So 
> what are the contents of /var/opendnssec/signconf/nohats.ca.xml?
>
> You may want to send that off list.
>
> Best regards,
> Matthijs
>
> On Mon, 4 Jun 2012, Paul Wouters wrote:
>
>> On Mon, 4 Jun 2012, Matthijs Mekking wrote:
>> 
>>> What does the signconf file for nohats.ca and the other zone look like?
>> 
>> Attached the nohats.ca one. The zone is stock default, eg:
>>
>>        <Zone name="nohats.ca">
>>                <Policy>default</Policy>
>>                <SignerConfiguration>/var/opendnssec/signconf/nohats.ca.xml</SignerConfiguration>
>>                <Adapters>
>>                        <Input>
>>                                <File>/etc/nsd/nohats.ca</File>
>>                        </Input>
>>                        <Output>
>>                                <File>/var/opendnssec/signed/nohats.ca</File>
>>                        </Output>
>>                </Adapters>
>>        </Zone>
>> 
>> The policy "default" is also stock.
>> 
>> Paul
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
>



More information about the Opendnssec-user mailing list