This is the error am getting I am trying to think about it through.
On 07/01/2011 12:29 PM, Rickard Bellgrim wrote:
On Fri, Jul 1, 2011 at 11:17 AM, Bryton<[email protected]> wrote:
Thanks Richard,
Now this means that if I want to sign the zone before KSK is in ACTIVE state
it is not possible.and further to this What can I do to make the KSK to move
from Publish to Active as soon as possible?This is because After checking
the queue I have seen the bellow
I have 1 tasks scheduled
It is now Fri Jul 1 12:13:51 2011
On Fri Jul 1 13:37:31 2011 I will sign zone tz
The zone will be signed before the KSK is considered to be active. It
is just that the DNSKEY+RRSIG must propagate before you can send up
the DS to the parent zone.
The Enforcer follows your policy where you have configured the timing
parameters. It would not be wise to speed the process up uniless you
can reflect the new timing parameters in your infrastructure.
The Signer Engine will check if the signatures needs to be renewed
every re-sign interval. If you have no signed zone in the location
given by zonelist.xml, than check your syslog for further assistance.
Did the Auditor complain in syslog?
Try running "ods-signer sign tz" again and the check syslog. What does it say?
// Rickard
--
Regards,
Bryton.
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
