-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Göran,
On 05/24/2012 10:03 AM, Göran Bengtson wrote: > I've created a BUG Report for this, but I wonder if this problem is > seen only by me. (Using ODS 1.3.8). > > To summarize, removing a zone (from zonelist.xml etc) creates two > problem. > > 1 The signer does not understand that the zone is removed (even > though the ods-ksmutil update all indicate that it is removed, and > the enforcer gets the picture. Th signer still tries to sign the > zone. This is resolved by restarting ODS. If you delete a zone from the zonelist.xml file manually, you'll need to inform the signer with: $ ods-signer update If you delete a zone with ods-ksmutil zone delete, ods-ksmutil will run that command for you. Best regards, Matthijs > > 2 This is serious. Immediately after the ods-ksmutil update > command is given ODS gets seriously confused about the keys in > ANOTHER, remaining zone. A new ZSK key is generated, and the active > ZSK dissapears (is not used anymore). ods-ksmutil key list only > show the KSK key and the newly generated ZSK key (in publish > state). > > Now, this occurred first yesterday when removing a zone. But since > it occurred again today when removing another zone, the problem is > reproducable, at least with my installation. > > / Göran Bengtson Chalmers > > > _______________________________________________ Opendnssec-user > mailing list [email protected] > https://lists.opendnssec.org/mailman/listinfo/opendnssec-user -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJPvfOaAAoJEA8yVCPsQCW5TQsIAKNxBFoNQHsX+WrlPx8+dLSX hjnk/2D1x34JBiDN/c6hWsxaYlJiWGiy4mMH14yTIJF58+MUzuHOzPU3wHSPTtgz g4nHuTc8+MWKpJTcTTJzT5nfMdilMzoKBKr4EV8/hIBxlAgSdQ1Rl+bITy9WMBGD hNUD7DM1c7ius4zvZCW/CD6Ehbk57fo7ry7kTmegPIa9l2aMkvYRvZO05+oxU9a6 MfpXZ5THthgSawPLwJQ5R9bUrutWBVVpbz84kyVNOOspFA0KRpQYO9ujh4no1jB/ fuxQI/jDE+rmm0DrxMUwqIGJwge7xHcjtc69W8nWVRLTvQQkfSdg3OlLGhvAKts= =L6IS -----END PGP SIGNATURE----- _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
