I made a change to the zone to try to trigger an update and got the follow
in the log:

May 03 06:33:24 host.example.com named-pkcs11[27082]: zone example.com/IN
(signed): serial 1462271604 (unsigned 1462271604)
May 03 06:33:24 host.example.com named-pkcs11[27082]: zone example.com/IN
(signed): could not get zone keys for secure dynamic update
May 03 06:33:24 host.example.com named-pkcs11[27082]: zone example.com/IN
(signed): receive_secure_serial: not found

I'm not sure if it's a cause for concern or not.

Cheers,

GTG

-----Original Message-----
From: Gary T. Giesen [mailto:ggie...@giesen.me] 
Sent: May-03-16 6:30 AM
To: 'Martin Basti' <mba...@redhat.com>; freeipa-users@redhat.com
Subject: RE: [Freeipa-users] Unable to configure DNSSEC signing

May 03 06:21:09 host.example.com systemd[1]: Stopping Berkeley Internet Name
Domain (DNS) with native PKCS#11...
...
May 03 06:21:11 host.example.com named-pkcs11[27082]: zone example.com/IN
(signed): next key event: 03-May-2016 07:21:11.049


Cheers,

GTG

-----Original Message-----
From: Martin Basti [mailto:mba...@redhat.com]
Sent: May-03-16 4:06 AM
To: Gary T. Giesen <ggiesen+freeipa-us...@giesen.me>;
freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Unable to configure DNSSEC signing


Hello,

can you please check journalctl -u named-pkcs11 ?

Martin

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to