Hi, In our test setup we use OpenDNSSEC 1.1.1 and/or 1.1.2-rc on SoftHSM. In both versions, we are experiencing "Not enough keys to satisfy zsk policy for zone" problems. This started at some point, probably when the KASP Enforcer decided it wanted to cycle ZSKs.
I would have expected that keys are automatically generated to relieve this problem, but that is not happening. Signalling that the keys have been backed up (using either of the untouched "backup done" or using our patched 2-phase commit) does not help. In the past, I've overcome this by having keys generated with "key generate", but this is not desirable in the normal course of action. Has anyone seen this before, and where should I look to resolve it? Thanks, -Rick _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
