[Opendnssec-user] add new zone to ODS

Sara Dickinson sara at sinodun.com
Tue Feb 25 13:35:14 UTC 2014

Hi Emil, 

Sorry for the late response. This sounds similar to an issue we saw a while back where there were several keys in the database in an unexpected state, which caused a problem with the key allocation algorithm:
I’ll send you an email off-list to confirm this and then we can clean up the problem keys.

We didn’t ever manage to work out how the keys got in this state - do you remember anything strange happening at any stage with the zones on the lab policy?

We are adding tools in the next patch release that should make this problem easier to diagnose and clean up, and we are also looking at how we can make the enforcer more robust to this kind of problem in future.

Best regards


On 25 Feb 2014, at 12:59, Emil Natan <shlyoko at gmail.com> wrote:

> Ok, I think I'm getting closer. I already had a zone using the "lab" policy which was working well. Tried to add test.org to "lab" as well and got into the issues I already mentioned. Then I changed the policy for test.org to something else and it worked, signconf file was created, keys generated and zone signed. Then tried to add two new zones, one using "lab" and another one using "testpolicy" policy and again I had a problem for the zone using "lab" and the one using "testpolicy" worked well. A test kasp.xml file including both policies is attached. Just to make it clear I already have a zone using the "lab" policy which works well, but the second zone I add fails. Any ideas?
> Thank you in advance.
> ena
