[Opendnssec-user] Not enough keys to satisfy zsk policy for zone
Hoda Rohani
hoda at nlnetlabs.nl
Tue Dec 19 12:11:12 UTC 2017
Hello Marc,
I would recommend to upgrade your opendnssec.
We saw similar bugs before and fixed them in 1.4.14. There was a miscalculation in getting the right number of required
keys.
Please let us know if you still see those messages after upgrading.
Regards,
Hoda
On 19-12-17 12:16, Marc Richter wrote:
> Hi,
>
> we are getting the following errors in our logs (zonename replaced with
> <zone>):
>
> ods-enforcerd: [ID 992331 local0.warning] Not enough keys to satisfy zsk
> policy for zone: <zone>. keys_to_allocate(1) = keys_needed(2) -
> (keys_available(2) - keys_pending_retirement(1))
>
> ods-enforcerd: [ID 115111 local0.warning] Tried to allocate 1 keys, failed
> on allocating key number 1
>
> ods-enforcerd: [ID 482275 local0.warning] ods-enforcerd will create some
> more keys on its next run
>
> ods-enforcerd: [ID 363081 local0.error] Error allocating zsks to zone <zone>
>
>
> According to
>
> https://wiki.opendnssec.org/display/DOCS/Troubleshooting
>
> as well as the error message, ods-enforcerd should create new keys on its
> next run. However, that doesn't seem to happen as the messages are
> repeating every time ods-enforcerd is running.
>
> ManualKeyGeneration is not set.
>
> This is opendnssec version 1.4.10
>
> How do I fix this ?
>
> Regards
> Marc
>
>
>
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
>
More information about the Opendnssec-user
mailing list