Hi Emil, Sorry for the late response. This sounds similar to an issue we saw a while back where there were several keys in the database in an unexpected state, which caused a problem with the key allocation algorithm: https://issues.opendnssec.org/browse/OPENDNSSEC-546 I’ll send you and email off-list to confirm this and then we can clean up the problem keys.
We didn’t ever manage to work out how the keys got in this state - do you remember anything strange happening at any stage with the zones on the lab policy? We are adding tools in the next patch release that should make this problem easier to diagnose and cleanup and we are also looking at how we can make the enforcer more robust to this kind of problem in future. Best regards Sara. On 25 Feb 2014, at 12:59, Emil Natan <[email protected]> wrote: > Ok, I think I'm getting closer. I already had a zone using the "lab" policy > which was working well. Tried to add test.org to "lab" as well and got into > the issues I already mentioned. Then I changed the policy for test.org to > something else and it worked, signconf file was created, keys generated and > zone signed. Then tried to add two new zones, one using "lab" and another one > using "testpolicy" policy and again I had a problem for the zone using "lab" > and the one using "testpolicy" worked well. A test kasp.xml file including > both policies is attached. Just to make it clear I already have a zone using > the "lab" policy which works well, but the second zone I add fails. Any ideas? > Thank you in advance. > > ena > _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
