[Freeipa-users] Unable to configure DNSSEC signing
Gary T. Giesen
ggiesen+freeipa-users at giesen.me
Tue May 3 10:36:53 UTC 2016
I made a change to the zone to try to trigger an update and got the follow
in the log:
May 03 06:33:24 host.example.com named-pkcs11[27082]: zone example.com/IN
(signed): serial 1462271604 (unsigned 1462271604)
May 03 06:33:24 host.example.com named-pkcs11[27082]: zone example.com/IN
(signed): could not get zone keys for secure dynamic update
May 03 06:33:24 host.example.com named-pkcs11[27082]: zone example.com/IN
(signed): receive_secure_serial: not found
I'm not sure if it's a cause for concern or not.
Cheers,
GTG
-----Original Message-----
From: Gary T. Giesen [mailto:ggiesen at giesen.me]
Sent: May-03-16 6:30 AM
To: 'Martin Basti' <mbasti at redhat.com>; freeipa-users at redhat.com
Subject: RE: [Freeipa-users] Unable to configure DNSSEC signing
May 03 06:21:09 host.example.com systemd[1]: Stopping Berkeley Internet Name
Domain (DNS) with native PKCS#11...
...
May 03 06:21:11 host.example.com named-pkcs11[27082]: zone example.com/IN
(signed): next key event: 03-May-2016 07:21:11.049
Cheers,
GTG
-----Original Message-----
From: Martin Basti [mailto:mbasti at redhat.com]
Sent: May-03-16 4:06 AM
To: Gary T. Giesen <ggiesen+freeipa-users at giesen.me>;
freeipa-users at redhat.com
Subject: Re: [Freeipa-users] Unable to configure DNSSEC signing
Hello,
can you please check journalctl -u named-pkcs11 ?
Martin
More information about the Freeipa-users
mailing list