Hello Marc, I would recommend to upgrade your opendnssec. We saw similar bugs before and fixed them in 1.4.14. There was a miscalculation in getting the right number of required keys.
Please let us know if you still see those messages after upgrading. Regards, Hoda On 19-12-17 12:16, Marc Richter wrote: > Hi, > > we are getting the following errors in our logs (zonename replaced with > <zone>): > > ods-enforcerd: [ID 992331 local0.warning] Not enough keys to satisfy zsk > policy for zone: <zone>. keys_to_allocate(1) = keys_needed(2) - > (keys_available(2) - keys_pending_retirement(1)) > > ods-enforcerd: [ID 115111 local0.warning] Tried to allocate 1 keys, failed > on allocating key number 1 > > ods-enforcerd: [ID 482275 local0.warning] ods-enforcerd will create some > more keys on its next run > > ods-enforcerd: [ID 363081 local0.error] Error allocating zsks to zone <zone> > > > According to > > https://wiki.opendnssec.org/display/DOCS/Troubleshooting > > as well as the error message, ods-enforcerd should create new keys on its > next run. However, that doesn't seem to happen as the messages are > repeating every time ods-enforcerd is running. > > ManualKeyGeneration is not set. > > This is opendnssec version 1.4.10 > > How do I fix this ? > > Regards > Marc > > > > _______________________________________________ > Opendnssec-user mailing list > [email protected] > https://lists.opendnssec.org/mailman/listinfo/opendnssec-user > _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
