[Opendnssec-user] CRITICAL: failed to sign zone example.com: General error
yuri at nlnetlabs.nl
Thu Jan 19 09:10:18 UTC 2017
> After that I think we have exhausted all possible access permissions.
> And we are left with the puzzling question why the other domains
> aren't seeing the same issue. It would mean that just the generation
> of keys isn't working.
It could be that they simply haven't initiated a rollover yet so no
writing necessary. And they still have their signconf so the signer will
> @Yuri also: could there be a change in the policy/kasp which prevents
> generation of keys?
Yes, you can set <ManualRollover/> in the <KSK> and <ZSK> sections. In
1.4 for ZSK it will mean no ZSK will be generated at all. A KSK might be
generated but not rolled too unless issues by the user.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 195 bytes
Desc: OpenPGP digital signature
More information about the Opendnssec-user