[Opendnssec-user] sign failure
Randy Bush
randy at psg.com
Fri Oct 23 23:15:59 UTC 2020
>> these, and 42 like them, work
>>
>> <Zone name="28.147.in-addr.arpa"> <Policy>default</Policy>
>> <SignerConfiguration>/usr/local/var/opendnssec/signconf/147.028.xml</SignerConfiguration>
>> <Adapters>
>> <Input> <File>/usr/local/var/opendnssec/unsigned/147.028</File> </Input>
>> <Output> <File>/usr/home/dns/primary/147.028</File> </Output>
>> </Adapters>
>> </Zone>
>>
>> this does not
>>
>> <Zone name="0.28.147.in-addr.arpa"> <Policy>default</Policy>
>> <SignerConfiguration>/usr/local/var/opendnssec/signconf/147.028.000.xml</SignerConfiguration>
>> <Adapters>
>> <Input> <File>/usr/local/var/opendnssec/unsigned/147.028.000</File> </Input>
>> <Output> <File>/usr/home/dns/primary/147.028.000</File> </Output>
>> </Adapters>
>> </Zone>
>
> and
>
> # ods-enforcer key list | grep 147
> 28.147.in-addr.arpa KSK active 2020-12-30 21:37:26
> 28.147.in-addr.arpa ZSK active 2020-12-30 21:37:26
> 147.028.000 KSK ready waiting for ds-seen
> 147.028.000 ZSK active 2021-01-20 16:14:23
> 147.028.001 KSK ready waiting for ds-seen
> 147.028.001 ZSK active 2021-01-20 16:14:41
> 147.028.002 KSK ready waiting for ds-seen
> 147.028.002 ZSK active 2021-01-20 16:15:44
> ...
>
> so it is name confusion. i just do not know what i am supposed to do
> to unconfuse it.
solved
ods-enforcer zone delete --zone 147.028.000
etc
and
ods-enforcer zonelist import
and bob's your uncle
28.147.in-addr.arpa KSK active 2020-12-30 21:37:26
28.147.in-addr.arpa ZSK active 2020-12-30 21:37:26
0.28.147.in-addr.arpa KSK publish 2020-10-24 02:07:33
0.28.147.in-addr.arpa ZSK ready 2020-10-24 02:07:33
1.28.147.in-addr.arpa ZSK ready 2020-10-24 02:07:33
randy
More information about the Opendnssec-user
mailing list