dnssec-keymgr fails to apply policy
Lefteris Tsintjelis
lefty at spes.gr
Sun Jun 23 00:48:21 UTC 2019
I am using FreeBSD with bind v9.11.8. v9.11.6P1 also had the same problem.
I am using ECDSAP256SHA256 for ZSK and KSK. I have made a very simple
policy that I am trying to automate by using dnssec-keymgr in crontab.
policy default {
directory "/usr/local/etc/namedb/keys";
algorithm ECDSAP256SHA256;
pre-publish zsk 1w;
post-publish zsk 1w;
roll-period zsk 2mo;
};
zone example.com {
policy default;
};
However, every time I run:
dnssec-keymgr -K /usr/local/etc/namedb/keys -r /dev/random
I always get this message:
Unable to apply policy: example.com/ECDSAP256SHA256: unsupported operand
type(s) for +: 'float' and 'NoneType'
Any ideas what this may be?
More information about the bind-users
mailing list