On 13/10/11 11:00, Casper Gielen wrote:
root@metagross:~# ods-enforcerd -1
Oct 13 11:50:43 metagross ods-enforcerd: Zone hetnieuwemarketingdenken.nl found.
Oct 13 11:50:43 metagross ods-enforcerd: Policy for hetnieuwemarketingdenken.nl
set to default.
Oct 13 11:50:43 metagross ods-enforcerd: Config will be output to
/var/lib/opendnssec/signconf/hetnieuwemarketingdenken.nl.xml.
Oct 13 11:50:43 metagross ods-enforcerd: Not enough keys to satisfy ksk policy
for zone: hetnieuwemarketingdenken.nl
Oct 13 11:50:43 metagross ods-enforcerd: ods-enforcerd will create some more
keys on its next run
Oct 13 11:50:43 metagross ods-enforcerd: Error allocating ksks to zone
hetnieuwemarketingdenken.nl
root@metagross:/var/lib/opendnssec/signconf# cat hetnieuwemarketingdenken.nl.xml
<SignerConfiguration>
<Zone name="hetnieuwemarketingdenken.nl">
...
It looks like there are duplicate keys in the database... Could you send
me (offlist is probably best) the results of this sql command:
select * from dnsseckeys where zone_id = (select id from zones where
name = 'hetnieuwemarketingdenken.nl');
The manual key generation will not work because it thinks that you want
-3 months of keys... the command:
ods-ksmutil key generate --policy default --interval P3M
should work.
Cheers.
Sion
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
