[Opendnssec-user] DNSKEY will expire in 11.6381365740741 days (kskwarn is 12.0)

Matthijs Mekking matthijs at nlnetlabs.nl
Tue Dec 10 10:35:49 UTC 2013


On 12/10/2013 11:21 AM, Volker Janzen wrote:

> Anything I can check before trying to restart the signer?

Gather some evidence:

- Increase the verbosity of the signer (ods-signer verbosity 5) and see
if there is something in the logs then

- Get the queue: ods-signer queue

- Check the nagios configuration and see if it matches the kasp.xml
validity and refresh values.

Best regards,

> Regards,
>    Volker
> On Tue, 10 Dec 2013 11:15:52 +0100, Rick van Rein
> <rick at openfortress.nl> wrote:
>> Volker,
>>> I think I might have a configuration error in OpenDNSSEC. I want it to resign the whole zone once in 14 days, that Nagios starts warning me 12 days before it expires. My kasp.xml should be default:

>> One potential source of these errors is if the signer cannot read
>> your zone, gets confused and stops generating signatures.  This should
>> be very loud in your log files, because it keeps running into those
>> problems every hour or so.  Please be sure to have checked those.
>> -Rick
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user

More information about the Opendnssec-user mailing list