On Tue, 23 Sep 2014, Matthijs Mekking wrote:
And for unknown reasons it is now only creating a single RRSIG record
for the DNSKEY set (by the KSK) and none of the RRSIG records by the
ZSK, turning these 4 zones into bogus :(
Deleting all files in /var/opendnssec/tmp/ and /var/opendnssec/signed/
and even /var/opendnssec/signconf/ and running ods-ksmutil update all
did not resolve this issue:
If you need such recovery, you also want to restart the signer after removing
these files, as the data is now retained in memory.
That was done. It just choked in the missing ZSK spare key, and therefor
didn't sign any data with the ZSK, and the "signed" zone had no ZSK
based RRSIG's.
Paul
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
