On 12/19/2016 12:21 AM, Hoda Rohani wrote:
> ods 2.X now accepts these kind of format: '1W' and '3H'.
ok
> Name of zone file must match the name of zone, that was your problem.
realized that since my zone files (a) are in a chroot and (b) contain INCLUDE
stmts, that a compiled version was needed for opendnssec to process
mkdir -p /svr/named/namedb/compiled
named-compilezone \
-t "/svr/named" \
-f text -F text \
-o /namedb/compiled/example.info.compiled \
example.info /namedb/master/example.info.zone
then matching the zone name with the zonefile name
mv /svr/named/namedb/compiled/example.info.compiled
/var/opendnssec/unsigned/example.info
cleaning
/usr/local/opendnssec/sbin/ods-enforcer zone delete --all
then signing
/usr/local/opendnssec/sbin/ods-enforcer zone add -z example.info.zone
-p lab
now works
ls -al /var/opendnssec/signed/example.info
-rw-r--r-- 1 root root 11K Dec 19 06:14
/var/opendnssec/signed/example.info
Thanks.
Fwiw, in the OP, that the output of the enforcer command reported
Zone example.info added successfully
when it wasn't being created, and the logs clearly contained errors is
misleading. It'd be useful to have the signing step report an error at console
...
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
