On Mon, 28 Oct 2024 17:44:13 +0000 Bruno Blanes via Opendnssec-user <[email protected]> wrote:
Hello Bruno, > So resalt wasn't doing anything because the salt wasn't old enough, > after purposefully changing the resalt period to make in run, it > printed the following message on my logfile when using <Salt > length="0"/>: > > [policy_resalt_task] policy default has an invalid salt length. Must > be in range [0..255] Which version of OpenDNSSEC are you using? Because there has been a fix for that issue in 2.1.11 [1]. So if you are not yet using that version or higher, please upgrade. [cut how to configure OpenDNSSEC to adhere to RFC 9276 sec. 3.1] [1] https://github.com/opendnssec/opendnssec/blob/2.1.14/NEWS#L29 -- Stefan Ubbink DNS & Systems Engineer Present: Mon, Tue, Wed, Fri SIDN | Meander 501 | 6825 MD | ARNHEM | The Netherlands T +31 (0)26 352 55 00 https://www.sidn.nl
pgpH6Xzx8nvKS.pgp
Description: OpenPGP digital signature
_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
