If you add zones directly into the zonelist (rather than using the ods-ksmutil zone add command) you must tell the enforcer to re-read the zone list by using the command:
ods-ksmutil update zonelist
Monitoring the system
- The pids used by the enforcer and signer processes are reported in syslog on startup.
- The command 'ods-signer running' will report the status of the signer process, or restart it if it is not running.
- When the enforcer daemon has run and completed enforcing the zones is sends a message to the syslog containing the text "Sleeping for" reporting how long it will be until it next runs
- The signer produces a log containing the text "[STAT]" whenever a zone is successfully signed
- A Nagios plugin is available to check signed zones: https://github.com/opendnssec/dnssec-monitor
Details of logs produced by the system can be found on the Logging page.