Hi all, when I add a new zone to my DNS server, I'm always a bit confused about the correct workflow. In the docs under "Adding/Removing zones" I just find a call of "ods-ksmutil zone add --zone example.com". This call works fine and adds the configuration. But the zone is not signed within minutes.
By private mail contact with Matthijs I found out that I should send a HUP signal to the enforcer. I think this cannot be everything that needs to be done. Doing this, the unsigned zone file is not found, because the zone fetcher hasn't got it yet.

I'm running a bind with an internal view for OpenDNSSEC with unsigned zone data and an external view with signed zone for the rest of the world. When I add a new unsigned zone to bind, what needs to be done to get a signed zone back to bind? Should I first call "ods-ksmutil zone add --zone example.com", then restart all of the OpenDNSSEC software and finally reload bind to send an AXFR to OpenDNSSEC, or do I have to perform these steps in a different order? After restarting everything, changing the SOA again in bind and reloading, everything works, but I don't know how to optimize (or script) this procedure.

Best regards,
Volker Janzen