On Fri, Jul 1, 2011 at 11:17 AM, Bryton <[email protected]> wrote: > > Thanks Richard, > > Now this means that if I want to sign the zone before KSK is in ACTIVE state > it is not possible.and further to this What can I do to make the KSK to move > from Publish to Active as soon as possible?This is because After checking > the queue I have seen the bellow > > I have 1 tasks scheduled > It is now Fri Jul 1 12:13:51 2011 > On Fri Jul 1 13:37:31 2011 I will sign zone tz
The zone will be signed before the KSK is considered to be active. It is just that the DNSKEY+RRSIG must propagate before you can send up the DS to the parent zone. The Enforcer follows your policy where you have configured the timing parameters. It would not be wise to speed the process up unless you can reflect the new timing parameters in your infrastructure. The Signer Engine will check if the signatures needs to be renewed every re-sign interval. If you have no signed zone in the location given by zonelist.xml, than check your syslog for further assistance. Did the Auditor complain in syslog? Try running "ods-signer sign tz" again and the check syslog. What does it say? // Rickard _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
