> After that I think we have exhausted all possible access permissions. > And we are left with the puzzling question why the other domains > aren't seeing the same issue. It would mean that just the generation > of keys isn't working.
It could be that they simply haven't initiated a rollover yet so no writing necessary. And they still have their signconf so the signer will keep running. > @Yuri also: could there be a change in the policy/kasp which prevents > generation of keys? Yes, you can set <ManualRollover/> in the <KSK> and <ZSK> sections. In 1.4 for ZSK it will mean no ZSK will be generated at all. A KSK might be generated but not rolled too unless issues by the user. //Yuri
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
