[Opendnssec-user] DNSKEY will expire in 11.6381365740741 days (kskwarn is 12.0)
Matthijs Mekking
matthijs at nlnetlabs.nl
Tue Dec 10 10:35:49 UTC 2013
Hi,
On 12/10/2013 11:21 AM, Volker Janzen wrote:
...
> Anything I can check before trying to restart the signer?
Gather some evidence:
- Increase the verbosity of the signer (ods-signer verbosity 5) and see
if there is something in the logs then
- Get the queue: ods-signer queue
- Check the nagios configuration and see if it matches the kasp.xml
validity and refresh values.
Best regards,
Matthijs
>
>
> Regards,
> Volker
>
>
> On Tue, 10 Dec 2013 11:15:52 +0100, Rick van Rein
> <rick at openfortress.nl> wrote:
>> Volker,
>>
>>> I think I might have a configuration error in OpenDNSSEC. I want it to resign the whole zone once in 14 days, that Nagios starts warning me 12 days before it expires. My kasp.xml should be default:
>>
>> One potential source of these errors is if the signer cannot read
>> your zone, gets confused and stops generating signatures. This should
>> be very loud in your log files, because it keeps running into those
>> problems every hour or so. Please be sure to have checked those.
>>
>> -Rick
>
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
>
More information about the Opendnssec-user
mailing list