<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
I could solve the problem<br>
I missed ods-auditor<br>
Just do apt-get install-opendnssec-auditor<br>
<br>
Ramanou<br>
<div class="moz-cite-prefix">Le 25/03/2014 13:30, Ramanou Biaou a
écrit :<br>
</div>
<blockquote cite="mid:533176D5.2020500@netim.com" type="cite">
<meta http-equiv="content-type" content="text/html;
charset=ISO-8859-1">
Hello!<br>
I have some problems with my opendnssec,<br>
<br>
Signed files are not in the directory I specified in
"zonelist.xml"<br>
<br>
<small><ZoneList><br>
<Zone name="mydomaine.com"><br>
<Policy>test</Policy><br>
<SignerConfiguration>/var/lib/opendnssec/signconf/mydomaine.com.xml</SignerConfiguration><br>
<Adapters><br>
<Input><br>
<File>/var/chroot/bind9/var/named/masters/b/mydomaine.com</File><br>
</Input><br>
<Output><br>
<File>/var/chroot/bind9/var/named/masters/b/mydomaine.com.signed</File><br>
</Output><br>
</Adapters><br>
</Zone><br>
</ZoneList></small><br>
<br>
<br>
The signed files are put in the tmp/ directory <br>
<b><br>
</b><b>And in my log I have some informations</b><b><br>
</b><br>
<small>Mar 25 13:23:35 ns0 ods-signerd: acquire cond<br>
Mar 25 13:23:35 ns0 ods-signerd: notify<br>
Mar 25 13:23:35 ns0 ods-signerd: release cond<br>
Mar 25 13:23:35 ns0 ods-signerd: Releasing lock on zone
mydomaine.com<br>
Mar 25 13:23:35 ns0 ods-signerd: No output file found, seconds
to resign: 0<br>
Mar 25 13:23:35 ns0 ods-signerd: Scheduling task to sign zone
mydomaine.com at 1395750215.98 with resign time 7200<br>
Mar 25 13:23:35 ns0 ods-signerd: acquire cond<br>
Mar 25 13:23:35 ns0 ods-signerd: notify<br>
Mar 25 13:23:35 ns0 ods-signerd: release cond<br>
Mar 25 13:23:35 ns0 ods-signerd: Zone mydomaine.com added<br>
Mar 25 13:23:35 ns0 ods-signerd: additional groups: [109, 999]<br>
Mar 25 13:23:35 ns0 ods-signerd: Drop privileges to group
opendnssec<br>
Mar 25 13:23:35 ns0 ods-signerd: Drop privileges to user
opendnssec<br>
Mar 25 13:23:35 ns0 ods-signerd: opening socket:
/var/run/opendnssec/engine.sock<br>
Mar 25 13:23:35 ns0 ods-signerd: Engine running<br>
Mar 25 13:23:36 ns0 ods-enforcerd: opendnssec-enforcer
starting...<br>
Mar 25 13:23:36 ns0 ods-enforcerd: opendnssec-enforcer Parent
exiting...<br>
Mar 25 13:23:36 ns0 ods-enforcerd: opendnssec-enforcer forked
OK...<br>
Mar 25 13:23:36 ns0 ods-enforcerd: opendnssec-enforcer started
(version 1.1.3), pid 28820<br>
Mar 25 13:23:36 ns0 ods-enforcerd: HSM opened successfully.<br>
Mar 25 13:23:36 ns0 ods-enforcerd: Reading config
"/etc/opendnssec/conf.xml"<br>
Mar 25 13:23:36 ns0 ods-enforcerd: Reading config schema
"/usr/share/opendnssec/conf.rng"<br>
Mar 25 13:23:36 ns0 ods-enforcerd: Communication Interval: 3600<br>
Mar 25 13:23:36 ns0 ods-enforcerd: No DS Submit command supplied<br>
Mar 25 13:23:36 ns0 ods-enforcerd: SQLite database set to:
/var/lib/opendnssec/db/kasp.db<br>
Mar 25 13:23:36 ns0 ods-enforcerd: Log User set to: local0<br>
Mar 25 13:23:36 ns0 ods-enforcerd: Switched log facility to:
local0<br>
Mar 25 13:23:36 ns0 ods-enforcerd: Connecting to Database...<br>
Mar 25 13:23:36 ns0 ods-enforcerd: Policy test found.<br>
Mar 25 13:23:36 ns0 ods-enforcerd: Key sharing is Off.<br>
Mar 25 13:23:36 ns0 ods-enforcerd: Purging keys...<br>
Mar 25 13:23:36 ns0 ods-enforcerd: zonelist filename set to
/etc/opendnssec/zonelist.xml.<br>
Mar 25 13:23:36 ns0 ods-enforcerd: Zone mydomaine.com found.<br>
Mar 25 13:23:36 ns0 ods-enforcerd: Policy for mydomaine.com set
to test.<br>
Mar 25 13:23:36 ns0 ods-enforcerd: Config will be output to
/var/lib/opendnssec/signconf/mydomaine.com.xml.<br>
Mar 25 13:23:36 ns0 ods-enforcerd: WARNING: KSK Retirement
reached; please submit the new DS for mydomaine.com and use
ods-ksmutil key ds-seen when the DS appears in the DNS.<br>
Mar 25 13:23:36 ns0 ods-enforcerd: No change to:
/var/lib/opendnssec/signconf/mydomaine.com.xml<br>
Mar 25 13:23:36 ns0 ods-enforcerd: Disconnecting from
Database...<br>
Mar 25 13:23:36 ns0 ods-enforcerd: Sleeping for 3600 seconds.<br>
Mar 25 13:23:36 ns0 ods-signerd: worker 1 acquiring lock<br>
Mar 25 13:23:36 ns0 ods-signerd: worker 1 acquired lock<br>
Mar 25 13:23:36 ns0 ods-signerd: worker 1 released lock<br>
Mar 25 13:23:36 ns0 ods-signerd: Got task for worker 1<br>
Mar 25 13:23:36 ns0 ods-signerd: Worker 1 run task<br>
Mar 25 13:23:36 ns0 ods-signerd: Zone action to perform: 3<br>
Mar 25 13:23:36 ns0 ods-signerd: Run command:
'/usr/lib/opendnssec/opendnssec/get_serial -f
/var/chroot/bind9/var/named/masters/b/mydomaine.com'<br>
Mar 25 13:23:36 ns0 ods-signerd: worker 2 acquiring lock<br>
Mar 25 13:23:36 ns0 ods-signerd: worker 2 acquired lock<br>
Mar 25 13:23:36 ns0 ods-signerd: no task for worker 2, sleep for
0<br>
Mar 25 13:23:36 ns0 ods-signerd: worker 2 released lock by going
to wait (indef)<br>
Mar 25 13:23:36 ns0 ods-signerd: worker 3 acquiring lock<br>
Mar 25 13:23:36 ns0 ods-signerd: worker 3 acquired lock<br>
Mar 25 13:23:36 ns0 ods-signerd: no task for worker 3, sleep for
0<br>
Mar 25 13:23:36 ns0 ods-signerd: worker 3 released lock by going
to wait (indef)<br>
Mar 25 13:23:36 ns0 ods-signerd: worker 4 acquiring lock<br>
Mar 25 13:23:36 ns0 ods-signerd: worker 4 acquired lock<br>
Mar 25 13:23:36 ns0 ods-signerd: no task for worker 4, sleep for
0<br>
Mar 25 13:23:36 ns0 ods-signerd: worker 4 released lock by going
to wait (indef)<br>
Mar 25 13:23:36 ns0 ods-signerd: worker 5 acquiring lock<br>
Mar 25 13:23:36 ns0 ods-signerd: worker 5 acquired lock<br>
Mar 25 13:23:36 ns0 ods-signerd: no task for worker 5, sleep for
0<br>
Mar 25 13:23:36 ns0 ods-signerd: worker 5 released lock by going
to wait (indef)<br>
Mar 25 13:23:36 ns0 ods-signerd: worker 6 acquiring lock<br>
Mar 25 13:23:36 ns0 ods-signerd: worker 6 acquired lock<br>
Mar 25 13:23:36 ns0 ods-signerd: no task for worker 6, sleep for
0<br>
Mar 25 13:23:36 ns0 ods-signerd: worker 6 released lock by going
to wait (indef)<br>
Mar 25 13:23:36 ns0 ods-signerd: Preprocessing signed zone:
mydomaine.com<br>
Mar 25 13:23:36 ns0 ods-signerd: No signed zone yet<br>
Mar 25 13:23:36 ns0 ods-signerd: Sorting zone: mydomaine.com<br>
Mar 25 13:23:36 ns0 ods-signerd: worker 7 acquiring lock<br>
Mar 25 13:23:36 ns0 ods-signerd: Run command:
'/usr/lib/opendnssec/opendnssec/quicksorter -o mydomaine.com. -f
/var/chroot/bind9/var/named/masters/b/mydomaine.com -w
/var/lib/opendnssec/tmp/mydomaine.com.sorted -m 3600 -t 3600'<br>
Mar 25 13:23:36 ns0 ods-signerd: worker 7 acquired lock<br>
Mar 25 13:23:36 ns0 ods-signerd: no task for worker 7, sleep for
0<br>
Mar 25 13:23:36 ns0 ods-signerd: worker 8 acquiring lock<br>
Mar 25 13:23:36 ns0 ods-signerd: worker 7 released lock by going
to wait (indef)<br>
Mar 25 13:23:36 ns0 ods-signerd: worker 8 acquired lock<br>
Mar 25 13:23:36 ns0 ods-signerd: no task for worker 8, sleep for
0<br>
Mar 25 13:23:36 ns0 ods-signerd: worker 8 released lock by going
to wait (indef)<br>
Mar 25 13:23:36 ns0 ods-signerd: Done sorting<br>
Mar 25 13:23:36 ns0 ods-signerd: Nseccing zone: mydomaine.com<br>
Mar 25 13:23:36 ns0 ods-signerd: No information yet for key
14176499a031dd38a51f6096bf88275b<br>
Mar 25 13:23:36 ns0 ods-signerd: Generating DNSKEY RR for
14176499a031dd38a51f6096bf88275b<br>
Mar 25 13:23:36 ns0 ods-signerd: Run command:
'/usr/lib/opendnssec/opendnssec/get_class -f
/var/lib/opendnssec/tmp/mydomaine.com.sorted'<br>
Mar 25 13:23:36 ns0 ods-signerd: create_dnskey status: 0<br>
Mar 25 13:23:36 ns0 ods-signerd: equality: True<br>
Mar 25 13:23:36 ns0 ods-signerd: Found key
14176499a031dd38a51f6096bf88275b<br>
Mar 25 13:23:36 ns0 ods-signerd: No information yet for key
a043a281ae9aa134a29b65e409de8cf7<br>
Mar 25 13:23:36 ns0 ods-signerd: Generating DNSKEY RR for
a043a281ae9aa134a29b65e409de8cf7<br>
Mar 25 13:23:36 ns0 ods-signerd: Run command:
'/usr/lib/opendnssec/opendnssec/get_class -f
/var/lib/opendnssec/tmp/mydomaine.com.sorted'<br>
Mar 25 13:23:36 ns0 ods-signerd: create_dnskey status: 0<br>
Mar 25 13:23:36 ns0 ods-signerd: equality: True<br>
Mar 25 13:23:36 ns0 ods-signerd: Found key
a043a281ae9aa134a29b65e409de8cf7<br>
Mar 25 13:23:36 ns0 ods-signerd: Run command:
'/usr/lib/opendnssec/opendnssec/get_class -f
/var/lib/opendnssec/tmp/mydomaine.com.sorted'<br>
Mar 25 13:23:36 ns0 ods-signerd: Run command:
'/usr/lib/opendnssec/opendnssec/zone_reader -c
/etc/opendnssec/conf.xml -f
/var/lib/opendnssec/tmp/mydomaine.com.sorted -k 1 -o
mydomaine.com -s /var/lib/opendnssec/signconf/mydomaine.com.xml
-w /var/lib/opendnssec/tmp/mydomaine.com.nsecced -x
/var/lib/opendnssec/tmp/mydomaine.com.optout'<br>
Mar 25 13:23:36 ns0 ods-signerd: Writing file to zone_reader:
/var/lib/opendnssec/tmp/mydomaine.com.sorted<br>
Mar 25 13:23:36 ns0 ods-signerd: Done nseccing<br>
Mar 25 13:23:36 ns0 ods-signerd: Run command:
'/usr/lib/opendnssec/opendnssec/get_serial -f
/var/chroot/bind9/var/named/masters/b/mydomaine.com'<br>
Mar 25 13:23:36 ns0 ods-signerd: Run command:
'/usr/lib/opendnssec/opendnssec/signer -c
/etc/opendnssec/conf.xml -p
/var/lib/opendnssec/tmp/mydomaine.com.signed -w
/var/lib/opendnssec/tmp/mydomaine.com.signed2 -r -l local0'<br>
Mar 25 13:23:36 ns0 ods-signerd: write to subp: <br>
Mar 25 13:23:36 ns0 ods-signerd: write to subp: :origin
mydomaine.com<br>
Mar 25 13:23:36 ns0 ods-signerd: write to subp: :soa_ttl 3600<br>
Mar 25 13:23:36 ns0 ods-signerd: write to subp: :soa_minimum
3600<br>
Mar 25 13:23:36 ns0 ods-signerd: set serial to 2014032504<br>
Mar 25 13:23:36 ns0 ods-signerd: write to subp: :soa_serial
2014032504<br>
Mar 25 13:23:36 ns0 ods-signerd: set nsec3 values<br>
Mar 25 13:23:36 ns0 ods-signerd: write to subp: :nsec3_algorithm
1<br>
Mar 25 13:23:36 ns0 ods-signerd: write to subp:
:nsec3_iterations 5<br>
Mar 25 13:23:36 ns0 ods-signerd: write to subp: :nsec3_salt
8fce702f0d05922f<br>
Mar 25 13:23:36 ns0 ods-signerd: sign time: 20140325122336<br>
Mar 25 13:23:36 ns0 ods-signerd: write to subp: :expiration
20140327122336<br>
Mar 25 13:23:36 ns0 ods-signerd: write to subp:
:expiration_denial 20140327122336<br>
Mar 25 13:23:36 ns0 ods-signerd: write to subp: :jitter 7200<br>
Mar 25 13:23:36 ns0 ods-signerd: write to subp: :inception
20140325122236<br>
Mar 25 13:23:36 ns0 ods-signerd: write to subp: :refresh
20140326122336<br>
Mar 25 13:23:36 ns0 ods-signerd: write to subp: :refresh_denial
20140326122336<br>
Mar 25 13:23:36 ns0 ods-signerd: use signature key:
14176499a031dd38a51f6096bf88275b<br>
Mar 25 13:23:36 ns0 ods-signerd: write to subp: :add_ksk
14176499a031dd38a51f6096bf88275b 7 257<br>
Mar 25 13:23:36 ns0 ods-signerd: use signature key:
a043a281ae9aa134a29b65e409de8cf7<br>
Mar 25 13:23:36 ns0 ods-signerd: write to subp: :add_zsk
a043a281ae9aa134a29b65e409de8cf7 7 256<br>
Mar 25 13:23:36 ns0 ods-signerd: signer stderr: signer: number
of signatures created: 0 (within a second)<br>
Mar 25 13:23:36 ns0 ods-signerd: Created 0 new signatures<br>
Mar 25 13:23:36 ns0 ods-signerd: Run command:
'/usr/lib/opendnssec/opendnssec/finalizer -f
/var/lib/opendnssec/tmp/mydomaine.com.signed -x
/var/lib/opendnssec/tmp/mydomaine.com.optout'<br>
Mar 25 13:23:36 ns0 ods-signerd: Running auditor on zone<br>
Mar 25 13:23:36 ns0 ods-signerd: Run command:
'/usr/bin/ods-auditor -c /etc/opendnssec/conf.xml -s
/var/lib/opendnssec/tmp/mydomaine.com.finalized -z
mydomaine.com'<br>
Mar 25 13:23:36 ns0 ods-signerd: command not found:
/usr/bin/ods-auditor<br>
Mar 25 13:23:36 ns0 ods-signerd: worker 1 acquiring lock<br>
Mar 25 13:23:36 ns0 ods-signerd: worker 1 acquired lock<br>
Mar 25 13:23:36 ns0 ods-signerd: no task for worker 1, sleep for
7199.81595612<br>
Mar 25 13:23:36 ns0 ods-signerd: worker 1 released lock by going
to wait (for ttime)<br>
</small><br>
Someone idea to help me!<br>
<br>
Best Regards,<br>
Ramanou<br>
</blockquote>
<br>
</body>
</html>