Hi, I am experiencing the sam problems as Duane Wessels and Björn Hansson had in June / July.
I am just asking if there are any news in this issue. I did the following right after a fresh start with OpenDNSSEC: - Added five zones for signing (and let it completely finish signing) - Removed one zone (waited a few runs of the enforcer, so that cleanup should be done) - Added one zone with same name The new zone doesn't get signed and the log keeps saying the following: - Not enough keys to satisfy ksk policy for zone: sub05.domain.tld - ods-enforcerd will create some more keys on its next run - ods-enforcerd: Error allocating ksks to zone sub05.domain.tld At beginning every zone gets 4 keys, two ksks and two zsks. After the removal of the zone I purged the unused keys, but openDNSSEC just purged 3 keys and not 4. I tried also to delete all the files generated for this zone and to purge all the keys related to the zone manually, before adding it again. And I tried to generate new keys manually for the policy, but it didn't help. If I add new zones with different names now, also the new zones don't get signed properly. It seems that there is a bug in the clean up after the zone removal and that the whole package doesn't work properly afterwards anymore. All the best, Simon Mittelberger _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
