[Opendnssec-user] CRITICAL: failed to sign zone example.com: General error
Yuri Schaeffer
yuri at nlnetlabs.nl
Thu Jan 19 09:10:18 UTC 2017
> After that I think we have exhausted all possible access permissions.
> And we are left with the puzzling question why the other domains
> aren't seeing the same issue. It would mean that just the generation
> of keys isn't working.
It could be that they simply haven't initiated a rollover yet so no
writing necessary. And they still have their signconf so the signer will
keep running.
> @Yuri also: could there be a change in the policy/kasp which prevents
> generation of keys?
Yes, you can set <ManualRollover/> in the <KSK> and <ZSK> sections. In
1.4 for ZSK it will mean no ZSK will be generated at all. A KSK might be
generated but not rolled too unless issues by the user.
//Yuri
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: OpenPGP digital signature
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20170119/63825879/attachment.bin>
More information about the Opendnssec-user
mailing list