Hi,

> Roughly: you should be able to run ods-signerd with a single run and a
> specific config file:
>
> 1. Create a new conf.xml, probably using some different file locations.
> 2. Make a signer configuration file signconf.xml for a zone, referencing
>    the specific locator of the key.
> 3. Run 'ods-signerd -c conf.xml -1' (different cfg, single run)

I am trying to get this to work, but have a few problems.

So far I made a copy of the setup, adapted conf.xml, stripped the zonelist.xml down to a single zone and removed everything but a KSK and the possibly broken ZSK from signconf/.xml. Note: the KSK was previously active, while the ZSK was retired.

Now the signer does produce a zone, but signs only the DNSKEY RRset with the KSK, and no other record. So the ZSK is not used (but the signer does not complain, even with multiple -v).

So what am I missing? Does the signer read the kasp.db? (I made the old ZSK active in the kasp.db, just in case, but that does not seem to help). What am I missing?

BTW: is there a way to tell the signer where to put its PID?

best,
Gilles
