Hi Yuri —

Yuri Schaeffer <[email protected]> wrote:

> Please check for the availability of the key in the hsm:
> ods-hsmutil -c /etc/opendnssec/conf.xml list
> 
> It may have trouble finding one of the keys from your signconf:
> 0347526dbd7d57ff891f017c26a30846
> a55ae0ef264253145c8f29c491829d29

Nope. Both keys are found:

dns> ods-hsmutil -c /usr/local/etc/opendnssec/conf.xml list | egrep -i '(0347526dbd7d57ff891f017c26a30846|a55ae0ef264253145c8f29c491829d29)'
SoftHSM               a55ae0ef264253145c8f29c491829d29  RSA/2048  
SoftHSM               0347526dbd7d57ff891f017c26a30846  RSA/2048  

> Also make sure you pass the correct conf.xml file. I'm a little worried
> you may have one on multiple locations.

Hmm. This is a FreeBSD port I did install, but I double-checked, and no, there 
is only one conf.xml available.

> Since increasing the verbosity doesn't seem to work for you?

I do have the following section in my conf.xml file regarding verbosity:

<Logging>
        <Verbosity>7</Verbosity>
        <Syslog><Facility>local0</Facility></Syslog>
</Logging>

Opendnssec runs in a FreeBSD jail, and all log messages are forwarded to the 
host's syslogd. But that shouldn't be the reason for a "not working verbosity 
setting", correct? Is there a way to fetch error messages into a file?


Well, coming back to my issue. As I mentioned before, I am not that well 
informed about all the details of DNSSEC. Might the current lack of key 
rollover for that domain imply major issues for that given domain? I am 
willing to upgrade opendnssec, but that would need some time of testing, 
because I do not want to screw up my recent setup. Would the current issue lead to 
a disaster if I performed an upgrade under these circumstances? Would it be 
worth a try?

I really do appreciate your help,
Michael


 