Hi Yuri, Hi Hoda, >> is there a way to fix that even with the current version ? > > What Hoda said, the upgrade is the fix.
I have restored a backup of the database, SoftHSM and the signconf files onto a development server that runs 1.4.10 as well. I saw the same error messages when starting ODS on that development server, so I could reproduce the issue. I then shutdown ODS, upgraded to 1.4.14 and restarted ODS, but the error is still reported. So the upgrade did not fix the issue, apparently. Do you have any advice what do check next ? > A short term workaround: > use "ods-ksmutil key generate --period PERIOD" to generate more keys. > For PERIOD choose something bigger than the value from the conf. Say > twice. Make sure the lifetime of the ZSK is shorter than the KSK or > you'll probably hit the same problem. I guess you mean "key generate --interval" instead of "key generate --period" ? A --period switch does not seem to exist. > Long term workaround: > Use a different key length for ZSK than KSK. We already do. KSK length is 2048, ZSK 1024. Regards Marc
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
