[Opendnssec-user] multiple zsk's

Casper Gielen c.gielen at uvt.nl
Fri Sep 7 08:57:04 UTC 2012


On 07-09-12 08:14, Bas van den Dikkenberg wrote:
> Hello
>
> I have multiple zones that have multiple active ZSK’s, for some kind of
> reason en doesn’t drop them automatically, is there a way to do this by
> hand?

It may be possible to some extent using ods-ksmutil retire and purge but I
don't think it is the right path forward.

First you need to make sure that a valid ZSK remains in place. You have
a ZSK that is active but not scheduled for any transition. While that is
theoretically possible it is a bit unusual and defeats the purpose of
having a separate ZSK (instead of using the KSK for everything).

Is that something you have configured on purpose?
Could it be that you confused ZSK and KSK (such a policy does make sense
for a KSK)?

Please check that both the signer and the enforcer daemon are running.
Restart them to make sure they are really active. Is there anything in
the logs regarding this zone?

-- 
Casper Gielen <cgielen at uvt.nl> | LIS UNIX
PGP fingerprint = 16BD 2C9F 8156 C242 F981  63B8 2214 083C F80E 4AF7

Universiteit van Tilburg | Postbus 90153, 5000 LE
Warandelaan 2 | Telefoon 013 466 4100 | G 236 | http://www.uvt.nl




