I see that the problem has resolved now. Meaning that the signer
configurations are probably not interesting anymore with respect to
finding out why the signer produced no signatures.
My thought was that during these actions, you might have ended up with
signer configurations with a key list that had no keys marked as active
(<KSK/>, <ZSK/>).
Best regards,
Matthijs
On Tue, 5 Jun 2012, Matthijs Mekking wrote:
No, what I meant is what does the signer configuration file look like. So
what are the contents of /var/opendnssec/signconf/nohats.ca.xml?
You may want to send that off list.
Best regards,
Matthijs
On Mon, 4 Jun 2012, Paul Wouters wrote:
On Mon, 4 Jun 2012, Matthijs Mekking wrote:
What does the signconf file for nohats.ca and the other zone look like?
Attached the nohats.ca one. The zone is stock default, eg:
<Zone name="nohats.ca">
<Policy>default</Policy>
<SignerConfiguration>/var/opendnssec/signconf/nohats.ca.xml</SignerConfiguration>
<Adapters>
<Input>
<File>/etc/nsd/nohats.ca</File>
</Input>
<Output>
<File>/var/opendnssec/signed/nohats.ca</File>
</Output>
</Adapters>
</Zone>
The policy "default" is also stock.
Paul
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
