[Opendnssec-user] DNSKEY will expire in 11.6381365740741 days (kskwarn is 12.0)
matthijs at nlnetlabs.nl
Tue Dec 10 10:35:49 UTC 2013
On 12/10/2013 11:21 AM, Volker Janzen wrote:
> Anything I can check before trying to restart the signer?
Gather some evidence:
- Increase the verbosity of the signer (ods-signer verbosity 5) and see
if there is something in the logs then
- Get the queue: ods-signer queue
- Check the nagios configuration and see if it matches the kasp.xml
validity and refresh values.
> On Tue, 10 Dec 2013 11:15:52 +0100, Rick van Rein
> <rick at openfortress.nl> wrote:
>>> I think I might have a configuration error in OpenDNSSEC. I want it to resign the whole zone once in 14 days, that Nagios starts warning me 12 days before it expires. My kasp.xml should be default:
>> One potential source of these errors is if the signer cannot read
>> your zone, gets confused and stops generating signatures. This should
>> be very loud in your log files, because it keeps running into those
>> problems every hour or so. Please be sure to have checked those.
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
More information about the Opendnssec-user