I made a change to the zone to try to trigger an update and got the follow in the log:
May 03 06:33:24 host.example.com named-pkcs11[27082]: zone example.com/IN (signed): serial 1462271604 (unsigned 1462271604) May 03 06:33:24 host.example.com named-pkcs11[27082]: zone example.com/IN (signed): could not get zone keys for secure dynamic update May 03 06:33:24 host.example.com named-pkcs11[27082]: zone example.com/IN (signed): receive_secure_serial: not found I'm not sure if it's a cause for concern or not. Cheers, GTG -----Original Message----- From: Gary T. Giesen [mailto:[email protected]] Sent: May-03-16 6:30 AM To: 'Martin Basti' <[email protected]>; [email protected] Subject: RE: [Freeipa-users] Unable to configure DNSSEC signing May 03 06:21:09 host.example.com systemd[1]: Stopping Berkeley Internet Name Domain (DNS) with native PKCS#11... ... May 03 06:21:11 host.example.com named-pkcs11[27082]: zone example.com/IN (signed): next key event: 03-May-2016 07:21:11.049 Cheers, GTG -----Original Message----- From: Martin Basti [mailto:[email protected]] Sent: May-03-16 4:06 AM To: Gary T. Giesen <[email protected]>; [email protected] Subject: Re: [Freeipa-users] Unable to configure DNSSEC signing Hello, can you please check journalctl -u named-pkcs11 ? Martin -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
