Hi,

Sorry, I do not remember anything strange that happened, or at least I did not pay attention. Anyway, I can send you off-list an excerpt of the log that contains everything related to that policy and the zones I configured to use that policy. I hope that can also help.

A detail that can be important though is that "lab" was not the first policy I started with. At first I had two other policies and the conf.xml file had the <ManualKeyGeneration/> option enabled. Later I added the "lab" policy and removed the ManualKeyGeneration option, because I did not want to pre-generate too many keys. The first time I ran the enforcer with the "lab" policy it did not generate keys because of ManualKeyGeneration, as can be seen in the log; then I removed that option and since then I did not encounter any problems until I tried to add more zones using that policy.
ena

On Tue, Feb 25, 2014 at 3:35 PM, Sara Dickinson <[email protected]> wrote:

> Hi Emil,
>
> Sorry for the late response. This sounds similar to an issue we saw a while back where there were several keys in the database in an unexpected state, which caused a problem with the key allocation algorithm:
> https://issues.opendnssec.org/browse/OPENDNSSEC-546
> I'll send you an email off-list to confirm this and then we can clean up the problem keys.
>
> We didn't ever manage to work out how the keys got in this state - do you remember anything strange happening at any stage with the zones on the lab policy?
>
> We are adding tools in the next patch release that should make this problem easier to diagnose and clean up and we are also looking at how we can make the enforcer more robust to this kind of problem in future.
>
> Best regards
>
> Sara.
>
> On 25 Feb 2014, at 12:59, Emil Natan <[email protected]> wrote:
>
> > Ok, I think I'm getting closer. I already had a zone using the "lab" policy which was working well. Tried to add test.org to "lab" as well and got into the issues I already mentioned. Then I changed the policy for test.org to something else and it worked, signconf file was created, keys generated and zone signed. Then tried to add two new zones, one using "lab" and another one using "testpolicy" policy and again I had a problem for the zone using "lab" and the one using "testpolicy" worked well. A test kasp.xml file including both policies is attached. Just to make it clear I already have a zone using the "lab" policy which works well, but the second zone I add fails. Any ideas?
> >
> > Thank you in advance.
> >
> > ena
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
