Hi, SoftHSM 1.3.5, opendnssec 1.4.3.
Today, I added about 30 more zones, I ran ods-ksmutil generate like I always do so that I can get the keys backuped before they are used, then I did ods-control enforcer notify so that it began its job with the new zones. Everything went well for the first 27 zones, and for the three last, it said : Dec 6 18:23:36 ns1 ods-enforcerd: Zone veryinbox.fr found. Dec 6 18:23:36 ns1 ods-enforcerd: Policy for veryinbox.fr set to default. Dec 6 18:23:36 ns1 ods-enforcerd: Config will be output to /usr/local/var/opendnssec/signconf/veryinbox.fr.xml. Dec 6 18:23:36 ns1 ods-enforcerd: Not enough keys to satisfy ksk policy for zone: veryinbox.fr Dec 6 18:23:36 ns1 ods-enforcerd: ods-enforcerd will create some more keys on its next run Dec 6 18:23:36 ns1 ods-enforcerd: Error allocating ksks to zone veryinbox.fr I went back and have a look, ods-ksmutil generate did generate enough keys, I tried HUP'ing it again, no luck, then stop/start, still no luck. Then I went on to remove the zones, HUP', and add them back, HUP', still no luck. I have 1614 zones in that policy, 1664 (yes, like the beer) zones total, is there supposed to be some kind of limit on the number of zones, or keys, or something, somewhere ? -- Mathieu Arnold _______________________________________________ Opendnssec-user mailing list Opendnssec-user@lists.opendnssec.org https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
