[Opendnssec-user] Not enough keys to satisfy zsk policy for zone
Marc Richter
marc.richter at de.verizon.com
Thu Dec 21 11:41:11 UTC 2017
Hi Yuri,
> The actual generation of the key fails but that happens at slightly
> different time. Could you provide more log output?
how would a log message look like when new keys are generated ?
I searched the log (already at verbosity 10) but did not find any messages
that would indicate that ODS is generating, or trying to generate but
failing, any new keys.
The only thing I found is in the startup messages, where it says that "No
new ZSKs need to be created".
See logs below (config filenames and DB information have been removed from
the log messages):
ods-enforcerd: [ID 676094 daemon.info] opendnssec starting...
ods-enforcerd: [ID 326049 local0.info] HSM connection open.
ods-enforcerd: [ID 442419 local0.info] Reading config
ods-enforcerd: [ID 321401 local0.info] Reading config schema
ods-enforcerd: [ID 779269 local0.info] Communication Interval: 900
ods-enforcerd: [ID 166010 local0.info] Rollover Notification Interval: 604800
ods-enforcerd: [ID 796646 local0.info] Using command: to submit DS records
ods-enforcerd: [ID 646761 local0.info] MySQL database schema set to:
ods-enforcerd: [ID 950666 local0.info] MySQL database user set to:
ods-enforcerd: [ID 130658 local0.info] MySQL database password set
ods-enforcerd: [ID 517519 local0.info] Log User set to: local0
ods-enforcerd: [ID 399845 local0.info] Pidfile set to:
ods-enforcerd: [ID 599916 local0.info] Switched log facility to: local0
ods-enforcerd: [ID 813082 local0.info] Connecting to Database...
ods-enforcerd: [ID 799338 local0.info] Policy default found.
ods-enforcerd: [ID 792314 local0.info] Key sharing is On
ods-enforcerd: [ID 931102 local0.info] 86 zone(s) found on policy "default"
ods-enforcerd: [ID 970822 local0.info] No new KSKs need to be created.
ods-enforcerd: [ID 193721 local0.info] No new ZSKs need to be created.
ods-enforcerd: [ID 630891 local0.info] NOTE: keys generated in repository
SoftHSM will not become active until they have been backed up
ods-enforcerd: [ID 685651 local0.debug] Purging keys...
Regards
Marc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20171221/8600efcb/attachment.bin>
More information about the Opendnssec-user
mailing list