[Opendnssec-user] [hsm] unable to get key

Randy Bush randy at psg.com
Mon Aug 23 13:49:57 UTC 2021

>>> I'm wondering whether this key is being retired.
>>> In which case a patch fix might be to remove the signconf file
>>> for this zone;
>>>   rm /var/opendnssec/signconf/hipster.biz.xml
>>> and regenerate this:
>>>   ods-enforcer signconf
>> it'a all zones.  i could do it for all?  maybe experiment with this one
>> first.
>>     # rm /usr/local/var/opendnssec/signconf/hipster.biz.xml
>>     # ods-enforcer signconf
>>     # ls -l /usr/local/var/opendnssec/signconf/hipster.biz.xml
>>     -rw-r--r--  1 opendnssec  opendnssec  971 Aug 22 20:54
>> /usr/local/var/opendnssec/signconf/hipster.biz.xml
>> removing that one and `ods-enforcer signconf` either stopped the
>> problem or broke logging :)

> Meanwhile you can fix your setup by doing this to all zones.

i am hesitant, as ods is not logging any errors

> I'll try to reproduce and fix that late afternoon.

many thanks!


randy at psg.com
`gpg --locate-external-keys --auto-key-locate wkd randy at psg.com`
signatures are back, thanks to dmarc header butchery

More information about the Opendnssec-user mailing list