Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

zonelist.xml

If you add zones directly into the zonelist (rather than using the ods-ksmutil zone add command) you must tell the enforcer to re-read the zone list by using the command:

Code Block
ods-ksmutil update zonelist

 

Monitoring the system

  • The pids used by the enforcer and signer processes are reported in syslog on startup.
  • The command 'ods-signer running' will report the status of the signer process, or restart it if it is not running.
  • When the enforcer daemon has run and completed enforcing the zones is sends a message to the syslog containing the text "Sleeping for" reporting how long it will be until it next runs 
  • The signer produces a log containing the text "[STAT]" whenever a zone is successfully signed
  • A Nagios plugin is available to check signed zones: https://github.com/opendnssec/dnssec-monitor

Logging

Details of logs produced by the system can be found on the Logging page.