[Opendnssec-user] Problems triggered by a zone removal in ODS 1.3.8.
Göran Bengtson
goeran at chalmers.se
Thu May 24 08:03:35 UTC 2012
I've created a BUG Report for this, but I wonder if this problem is seen
only by me. (Using ODS 1.3.8).
To summarize, removing a zone (from zonelist.xml etc) creates two problem.
1 The signer does not understand that the zone is removed (even
though the ods-ksmutil update all indicate that it is removed,
and the enforcer gets the picture. Th signer still tries to
sign the zone. This is resolved by restarting ODS.
2 This is serious. Immediately after the ods-ksmutil update command
is given ODS gets seriously confused about the keys in ANOTHER,
remaining zone. A new ZSK key is generated, and the active ZSK
dissapears (is not used anymore). ods-ksmutil key list
only show the KSK key and the newly generated ZSK key (in publish
state).
Now, this occurred first yesterday when removing a zone. But since it occurred
again today when removing another zone, the problem is reproducable, at least
with my installation.
/ Göran Bengtson
Chalmers
More information about the Opendnssec-user
mailing list