[Opendnssec-user] CRITICAL: failed to sign zone example.com: General error

Berry A.W. van Halderen berry at nlnetlabs.nl
Thu Jan 19 09:18:43 UTC 2017

On 01/19/2017 10:10 AM, Yuri Schaeffer wrote:
>> @Yuri also: could there be a change in the policy/kasp which prevents
>> generation of keys?
> Yes, you can set <ManualRollover/> in the <KSK> and <ZSK> sections. In
> 1.4 for ZSK it will mean no ZSK will be generated at all. A KSK might be
> generated but not rolled too unless issues by the user.

I don't mean that, perhaps the policy has been changed such that now
an algorithm or key length is being requested that isn't supported?


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20170119/51424f4b/attachment.bin>

More information about the Opendnssec-user mailing list