Op 20-06-11 16:29, Matthijs Mekking schreef: > Ok, that explains why the signer is complaining about the configuration :). > > Looking again at your previous mail, I see: > > Jun 20 13:02:37 ramanujan ods-enforcerd: Not enough keys to satisfy ksk > policy for zone: 4.x.x.x.x.x.x.x.0.1.0.0.2.ip6.arpa > Jun 20 13:02:37 ramanujan ods-enforcerd: ods-enforcerd will create some > more keys on its next run > Jun 20 13:02:37 ramanujan ods-enforcerd: Error allocating ksks to zone > 4.x.x.x.x.x.x.x.0.1.0.0.2.ip6.arpa > > Do you perhaps use shared keys? > There was a known issue regarding shared keys and adding zones, but it > should have been fixed in version 1.2.x (I see you are using the latest > version).
Ho, I don't use shared keys, every zone uses its own keys > > A quick solution that should work would be to generate more keys manually: > >> ods-ksmutil key generate --policy default --interval P1Y Unfortunately this does not solve the problem. If you are interested I will send the configs to you by private mail. Thanks for looking into this. -- Casper Gielen <[email protected]> | LIS UNIX PGP fingerprint = 16BD 2C9F 8156 C242 F981 63B8 2214 083C F80E 4AF7 Universiteit van Tilburg | Postbus 90153, 5000 LE Warandelaan 2 | Telefoon 013 466 4100 | G 236 | http://www.uvt.nl
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
