[Opendnssec-user] Not enough keys to satisfy zsk policy for zone
Yuri Schaeffer
yuri at nlnetlabs.nl
Thu Dec 21 11:16:36 UTC 2017
> ods-enforcerd: [ID 992331 local0.warning] Not enough keys to satisfy zsk
> policy for zone: <zone>. keys_to_allocate(1) = keys_needed(2) -
> (keys_available(2) - keys_pending_retirement(1))
>
> ods-enforcerd: [ID 115111 local0.warning] Tried to allocate 1 keys, failed
> on allocating key number 1
>
> ods-enforcerd: [ID 482275 local0.warning] ods-enforcerd will create some
> more keys on its next run
>
> ods-enforcerd: [ID 363081 local0.error] Error allocating zsks to zone <zone>
These warning are emitted when the enforcer tries to reserve a key for a
zone but the key isn't available. It is normal to see these warnings
sometimes.
The actual generation of the key fails but that happens at slightly
different time. Could you provide more log output?
//Yuri
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: OpenPGP digital signature
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20171221/1f3181ba/attachment.bin>
More information about the Opendnssec-user
mailing list