> dns|root> ods-hsmutil -v test SoftHSM
Hmm this shows that generating new keys is not a problem perse. Can you send me your kasp.xml? > Segmentation fault (core dumped) Hmmm!? What does that mean? I guess > I should be worried. A crash in ods-hsmutil. It should have created a coredump file. (likely named something like ods-hsmutil.core). Perhaps I can extract some info from it if you send it to me together with the ods-hsmutil executable from your system. > What to do next: > > #) would such a database be possible to migrate to softhsm2? Either > by the migration script or manually (export, import)? If this is indeed a softhsm issue it might work. I'm not involved in the SoftHSM development but as far as I know SoftHSMv2 includes a softhsm2-migrate program to do this import for you. > #) should I try to trigger a manual ZSK rollover for the erratic > domain? It seems to have trouble generating new keys from the enforcer. So I don't think that would help you. > #) I am already thinking about a worst case scenario: Restarting from > scratch (only 9 domains involved). I have read that it should be > possible to run two opendnssec versions in parallel. Can you confirm > this? It is perfectly possible to run two instances in parallel. Though you have to make sure you set all the paths correctly so that config files, PID files, tmp files etc don't mix. //Yuri
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
