[Opendnssec-user] no softhsm whining

Randy Bush randy at psg.com
Wed Jun 11 00:45:19 UTC 2014

>> all ds are seen.  repository is flagged.  i am still not asked to back
>> keys up.
>>                 <Repository name="SoftHSM">
>>			   <Module>/usr/local/lib/softhsm/libsofthsm.so</Module>
>>                         <TokenLabel>opendnssec</TokenLabel>
>>                         <PIN>sigh</PIN>
>>                         <RequireBackup/>
>>                         <SkipPublicKey/>
>>                 </Repository>
> Are the keys generated after the update to the policy? Changes to the
> policy only applies to keys generated after the change.

some KSKs were generated after the policy change, and sent to parent,
and ds seen done.  ZSKs are whacked frequently.

> Could it be that the message is not logged because the ZSK is generated in
> the same repository as the KSK? See the if-statement in:
> https://github.com/opendnssec/opendnssec/blob/1.4/master/enforcer/enforcerd/enforcer.c#L575

is this a change?  i.e. "it used to work!"  :)


More information about the Opendnssec-user mailing list