[Opendnssec-user] CRITICAL: failed to sign zone example.com: General error
Michael Grimm
trashcan at ellael.org
Mon Jan 16 18:49:06 UTC 2017
Hi --
This is opendnssec 1.4.12 and FreeBSD 11-STABLE.
Today I found the following error message in my logs:
| ods-signerd: [worker[4]] CRITICAL: failed to sign zone example.com:
General error
After removing all files in /usr/local/var/opendnssec/signconf and
/usr/local/var/opendnssec/tmp, and restartion opendnssec afterwards,
I'll end up with:
| ods-enforcerd: Zone example.com found.
| ods-enforcerd: Policy for example.com set to default.
| ods-enforcerd: Config will be output to
/usr/local/var/opendnssec/signconf/example.com.xml.
| ods-enforcerd: Not enough keys to satisfy zsk policy for zone:
example.com. keys_to_allocate(1) = keys_needed(1) - (keys_available(1) -
keys_pending_retirement(1))
| ods-enforcerd: Tried to allocate 1 keys, failed on allocating key
number 1
| ods-enforcerd: ods-enforcerd will create some more keys on its next
run
| ods-enforcerd: Error allocating zsks to zone example.com
and
| ods-signerd: [worker[4]] CRITICAL: failed to sign zone example.com:
General error
dns> ods-ksmutil key list -all --zone example.com
Keys:
Zone: Keytype: State: Date of next transition:
example.com KSK active 2026-01-20 12:59:25
example.com ZSK active 2017-01-16 14:00:07
Hmm, what do I need to do in order to recover from that error? Any input
is highly appreciated.
Thanks and regards,
Michael
More information about the Opendnssec-user
mailing list