[Opendnssec-user] add new zone to ODS

Emil Natan shlyoko at gmail.com
Mon Feb 24 14:49:13 UTC 2014


Hello,

I apologize in advance in case I'm missing something obvious.
Here is the problem. I have ODS running managing 3 zones. I started with
these 3 zones and did not added more zones until now. Now I add new zone
test.org, I tried both ways using "ods-ksmutil zone add" command and
editing the zonelist file manually, in both cases I finish with zonelist
containing the new zone. Then I run "ods-ksmutil update all" which shows no
errors.

  zonelist filename set to /usr/local/ods/etc/opendnssec/zonelist.xml.
kasp filename set to /usr/local/ods/etc/opendnssec/kasp.xml.
Repository Keyper found
No Maximum Capacity set.
RequireBackup set.
INFO: The XML in /usr/local/ods/etc/opendnssec/conf.xml is valid
INFO: The XML in /usr/local/ods/etc/opendnssec/zonelist.xml is valid
INFO: The XML in /usr/local/ods/etc/opendnssec/kasp.xml is valid

In the log file I see:

Feb 24 16:26:17 catwoman ods-enforcerd: Zone test.org found.
Feb 24 16:26:17 catwoman ods-enforcerd: Policy for test.org set to lab.
Feb 24 16:26:17 catwoman ods-enforcerd: Config will be output to
/usr/local/ods/var/opendnssec/signconf/test.org.xml.
Feb 24 16:26:17 catwoman ods-enforcerd: Not enough keys to satisfy zsk
policy for zone: test.org
Feb 24 16:26:17 catwoman ods-enforcerd: ods-enforcerd will create some more
keys on its next run
Feb 24 16:26:17 catwoman ods-enforcerd: Error allocating zsks to zone
test.org
Feb 24 16:26:17 catwoman ods-enforcerd: Disconnecting from Database...
Feb 24 16:26:17 catwoman ods-enforcerd: Sleeping for 20864 seconds.

Restart of the ods-enforcerd does not help and it logs exactly the same
lines. test.org.xml is also not written under signconf and the permissions
on that directory seem fine.
I'm running ODS 1.4.

Any ideas?

Thanks.
ena
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20140224/70927478/attachment.htm>


More information about the Opendnssec-user mailing list