[Opendnssec-user] CRITICAL: failed to sign zone example.com: General error

Berry A.W. van Halderen berry at nlnetlabs.nl
Thu Jan 19 09:18:43 UTC 2017


On 01/19/2017 10:10 AM, Yuri Schaeffer wrote:
>> @Yuri also: could there be a change in the policy/kasp which prevents
>> generation of keys?
> 
> Yes, you can set <ManualRollover/> in the <KSK> and <ZSK> sections. In
> 1.4 for ZSK it will mean no ZSK will be generated at all. A KSK might be
> generated but not rolled too unless issues by the user.
> 

I don't mean that, perhaps the policy has been changed such that now
an algorithm or key length is being requested that isn't supported?

\Berry


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20170119/51424f4b/attachment.bin>


More information about the Opendnssec-user mailing list