Op 07-09-12 08:14, Bas van den Dikkenberg schreef: > Hello > > > > I have multiple zone that have multiple active ZSK’s, for some kind of > reason en doesn’t drop them automaticly, is there a way to do this bye > hand ?
It may possible to some extent using ods-ksmutil retire and purge but I don't think it is the right path forward. First you need to make sure that a valid ZSK remains in place. You have a ZSK that is active but not scheduled for any transition. While that is theoretically possible it is a bit unusual and defeats the purpose of having a seperate ZSK (instead of using the KSK for everything). Is that something you have configured on purpose? Could it be that you confused ZSK and KSK (such a policy does make sense for a KSK)? Please check that both the signer and the enforcer daemon are running. Restart them to make sure they are really active. Is there anything in the logs regarding this zone? -- Casper Gielen <[email protected]> | LIS UNIX PGP fingerprint = 16BD 2C9F 8156 C242 F981 63B8 2214 083C F80E 4AF7 Universiteit van Tilburg | Postbus 90153, 5000 LE Warandelaan 2 | Telefoon 013 466 4100 | G 236 | http://www.uvt.nl _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
