With the previously reported problems, I found the auditor blocking signing of domains entirely. It was not until I had repaired them, and restarted ods-control, that additional domains were handled. Until that point, all the later-added domains were deadlocked.
Now this is startling. Does it mean that the Auditor does not block a single erroneous domain from being signed, but actually stop the entire OpenDNSSEC project? Does that not make the entire infrastructure quite brittle and unreliable?
Cheers,
-Rick