[Opendnssec-user] Not enough keys to satisfy zsk policy for zone
Marc Richter
marc.richter at de.verizon.com
Tue Dec 19 11:16:06 UTC 2017
Hi,
we are getting the following errors in our logs (zonename replaced with
<zone>):
ods-enforcerd: [ID 992331 local0.warning] Not enough keys to satisfy zsk
policy for zone: <zone>. keys_to_allocate(1) = keys_needed(2) -
(keys_available(2) - keys_pending_retirement(1))
ods-enforcerd: [ID 115111 local0.warning] Tried to allocate 1 keys, failed
on allocating key number 1
ods-enforcerd: [ID 482275 local0.warning] ods-enforcerd will create some
more keys on its next run
ods-enforcerd: [ID 363081 local0.error] Error allocating zsks to zone <zone>
According to
https://wiki.opendnssec.org/display/DOCS/Troubleshooting
as well as the error message, ods-enforcerd should create new keys on its
next run. However, that doesn't seem to happen as the messages are
repeating every time ods-enforcerd is running.
ManualKeyGeneration is not set.
This is opendnssec version 1.4.10
How do I fix this ?
Regards
Marc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20171219/503bc91b/attachment.bin>
More information about the Opendnssec-user
mailing list