>> all ds are seen. repository is flagged. i am still not asked to back >> keys up. >> >> <Repository name="SoftHSM"> >> <Module>/usr/local/lib/softhsm/libsofthsm.so</Module> >> <TokenLabel>opendnssec</TokenLabel> >> <PIN>sigh</PIN> >> <RequireBackup/> >> <SkipPublicKey/> >> </Repository> >> > > Are the keys generated after the update to the policy? Changes to the > policy only applies to keys generated after the change.
some KSKs were generated after the policy change, and sent to parent, and ds seen done. ZSKs are whacked frequently. > Could it be that the message is not logged because the ZSK is generated in > the same repository as the KSK? See the if-statement in: > https://github.com/opendnssec/opendnssec/blob/1.4/master/enforcer/enforcerd/enforcer.c#L575 is this a change? i.e. "it used to work!" :) randy _______________________________________________ Opendnssec-user mailing list Opendnssec-user@lists.opendnssec.org https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
