[Opendnssec-user] Not enough keys to satisfy zsk policy for zone
Marc Richter
marc.richter at de.verizon.com
Thu Dec 21 14:10:42 UTC 2017
Hi,
> Hoda noticed this:
>
>> ods-enforcerd: [ID 630891 local0.info] NOTE: keys generated in repository
>> SoftHSM will not become active until they have been backed up
>
> We think you have <RequireBackup/> in your conf but did not indicate to
> OpenDNSSEC that you actually backed them up. Therefore it isn't allowed
> to use the keys.
>
> So try backing up your keys or stop requiring it.
I don't think this is the issue. We are doing a key backup multiple times
per day using "ods-ksmutil backup prepare" as the first step and
"ods-ksmutil backup commit" as the last step of the process.
So a key that was freshly generated should become active shortly after that.
I also just did this manually and no keys were marked during prepare or commit:
# ods-ksmutil backup prepare
There were no keys to mark
# ods-ksmutil backup commit
There were no keys to mark
Regards
Marc