-
Type:
Support
-
Status: Closed
-
Priority:
Minor
-
Resolution: Won't Fix
-
Affects Version/s: OpenDNSSEC 1.4.0
-
Fix Version/s: None
-
Component/s: Signer
-
Labels:None
-
Environment:
FreeBSD 8.1 (x86)
After re-initializing our tokens in SoftHSM with a different label and configuring OpenDNSSEC to use the new tokens, everything worked fine for about a week.
Then, all of a sudden we started getting validation errors from validns. It seems the signates for the DNSKEY and SOA RR's where invalid, but we couldn't discover why. We finally tried rolling the KSK and we haven't seen the error for two days since then. We are preparing to move our signed zone into production, but we can't until we understand what caused the error.
Attached is the output from jdnssec-tools which we used to debug the problem, with no luck.
- relates to
-
OPENDNSSEC-426 Clean working directory when reinitialize enforcer database
-
- Open
-