When you update the content of an unsigned zone you must manually tell the signer engine to re-read the unsigned zone file using the ods-signer command like this:
When you make changes to conf.xml, kasp.xml or zonelist.xml you must run the
command (or the appropriate command listed below) in order for the changes to be propagated to the system database.
If you make changes to the enforcer or auditor section of the conf.xml file then you must run
ods-ksmutil update conf
For most other changes to the conf.xml file it is advisable to stop and start OpenDNSSEC to ensure the changes are detected.
When you make changes to a policy or add a new policy in kasp.xml you must update the changes to the database.
ods-ksmutil update kasp
When making changes to the KASP policy the following should also be considered:
After updating signature timers in the policy it may be helpful to issue the command:
$ ods-signer clear <zone>; ods-signer sign <zone>
as it will speed up acclimatising timers for the signatures.
If you add zones directly into the zonelist (rather than using the ods-ksmutil zone add command) you must tell the enforcer to re-read the zone list by using the command:
ods-ksmutil update zonelist
Details of logs produced by the system can be found on the Logging page.