
<html>

  <head>

    <meta http-equiv="Content-Type" content="text/html;

      charset=windows-1252">

  </head>

  <body text="#000000" bgcolor="#FFFFFF">

    <p>Hi Emil,</p>

    <p><br>

    </p>

    <p class="MsoNormal">><span

        style="font-size:12.0pt;font-family:"Times New

        Roman",serif;mso-fareast-language:SV" lang="EN-US">I can

        see that KSK and ZSK have been generated for the new zone when I

        run ods-ksmutil key list -v, <br>

      </span></p>

    <p class="MsoNormal"><span

        style="font-size:12.0pt;font-family:"Times New

        Roman",serif;mso-fareast-language:SV" lang="EN-US"><br>

      </span></p>

    <p class="MsoNormal"><span

        style="font-size:12.0pt;font-family:"Times New

        Roman",serif;mso-fareast-language:SV" lang="EN-US">This

        suggest that the ods-enforcerd have generated the required keys

        as inteded, which is good.<br>

      </span></p>

    <p class="MsoNormal"><span

        style="font-size:12.0pt;font-family:"Times New

        Roman",serif;mso-fareast-language:SV" lang="EN-US"><br>

      </span></p>

    <p class="MsoNormal"><span

        style="font-size:12.0pt;font-family:"Times New

        Roman",serif;mso-fareast-language:SV" lang="EN-US"><br>

      </span></p>

    <p class="MsoNormal"><span

        style="font-size:12.0pt;font-family:"Times New

        Roman",serif;mso-fareast-language:SV" lang="EN-US">>but

        when I try to run ods-signer sign example.domain.com I get an

        error message:</span></p>

    <p class="MsoNormal"><span

        style="font-size:12.0pt;font-family:"Times New

        Roman",serif;mso-fareast-language:SV" lang="EN-US">><br>

      </span></p>

    <span lang="EN-US">>Unable to connect to engine: connect()

      failed: No such file or directory</span><br>

    <br>

    This indicates that ods-signerd isn't running or something blocking

    it. Are other signing operations running as intended?<br>

    <br>

    AFAIK, one thing the ods-enforcerd issues after it generates new

    keys for a zone is 'ods-signer update ZONE'. This will update the

    signconf file for the zone with new keys details, do you see that

    file correctly or not?<br>

    <br>

    It usually sits in /var/opendnssec/signconf/ZONE.conf<br>

    <br>

    <br>

    Also I'm sure you tried restarting ods-signerd at least once, right

    ?<br>

    <br>

    Kareem.<br>

    <br>

    <div class="moz-cite-prefix">On 19/09/2018 15:41, Emil Landström

      wrote:<br>

    </div>

    <blockquote type="cite"

cite="mid:AM0PR03MB4274DDF48C20BAD55E313ED1801C0@AM0PR03MB4274.eurprd03.prod.outlook.com">

      <meta http-equiv="Content-Type" content="text/html;

        charset=windows-1252">

      <meta name="Generator" content="Microsoft Word 15 (filtered

        medium)">

      <style><!--

/* Font Definitions */

@font-face

        {font-family:"Cambria Math";

        panose-1:2 4 5 3 5 4 6 3 2 4;}

@font-face

        {font-family:Calibri;

        panose-1:2 15 5 2 2 2 4 3 2 4;}

/* Style Definitions */

p.MsoNormal, li.MsoNormal, div.MsoNormal

        {margin:0cm;

        margin-bottom:.0001pt;

        font-size:11.0pt;

        font-family:"Calibri",sans-serif;

        mso-fareast-language:EN-US;}

a:link, span.MsoHyperlink

        {mso-style-priority:99;

        color:#0563C1;

        text-decoration:underline;}

a:visited, span.MsoHyperlinkFollowed

        {mso-style-priority:99;

        color:#954F72;

        text-decoration:underline;}

span.EmailStyle17

        {mso-style-type:personal-compose;

        font-family:"Calibri",sans-serif;

        color:windowtext;}

.MsoChpDefault

        {mso-style-type:export-only;

        font-family:"Calibri",sans-serif;

        mso-fareast-language:EN-US;}

@page WordSection1

        {size:612.0pt 792.0pt;

        margin:70.85pt 70.85pt 70.85pt 70.85pt;}

div.WordSection1

        {page:WordSection1;}

--></style><!--[if gte mso 9]><xml>

<o:shapedefaults v:ext="edit" spidmax="1026" />

</xml><![endif]--><!--[if gte mso 9]><xml>

<o:shapelayout v:ext="edit">

<o:idmap v:ext="edit" data="1" />

</o:shapelayout></xml><![endif]-->

      <div class="WordSection1">

        <p class="MsoNormal">Hi,<o:p></o:p></p>

        <p class="MsoNormal"><o:p> </o:p></p>

        <p class="MsoNormal"><span lang="EN-US">I’m running into an

            issue after having added a new zone with the command:<o:p></o:p></span></p>

        <p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>

        <p class="MsoNormal"><span

            style="font-size:12.0pt;font-family:"Times New

            Roman",serif;mso-fareast-language:SV" lang="EN-US">ods-ksmutil

            zone add -z example.domain.com -p policyname -i

            /zone/file/directory/unsigned/db.example.domain.com -o

            /zone/file/directory/signed/db.example.domain.com<o:p></o:p></span></p>

        <p class="MsoNormal"><span

            style="font-size:12.0pt;font-family:"Times New

            Roman",serif;mso-fareast-language:SV" lang="EN-US"><o:p> </o:p></span></p>

        <p class="MsoNormal"><span

            style="font-size:12.0pt;font-family:"Times New

            Roman",serif;mso-fareast-language:SV" lang="EN-US">I

            can see that KSK and ZSK have been generated for the new

            zone when I run ods-ksmutil key list -v, but when I try to

            run ods-signer sign example.domain.com I get an error

            message:<o:p></o:p></span></p>

        <p class="MsoNormal"><span

            style="font-size:12.0pt;font-family:"Times New

            Roman",serif;mso-fareast-language:SV" lang="EN-US"><o:p> </o:p></span></p>

        <p class="MsoNormal"><span lang="EN-US">Unable to connect to

            engine: connect() failed: No such file or directory<o:p></o:p></span></p>

        <p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>

        <p class="MsoNormal"><span lang="EN-US">After adding the new

            zone I also get this same error message while trying to sign

            an old existing zone. Before I added the new zone I was able

            to sign the old one without errors but now it doesn’t work

            anymore. Any ideas as to what could be wrong?<o:p></o:p></span></p>

        <p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>

        <p class="MsoNormal"><span lang="EN-US">//Emil Landström<o:p></o:p></span></p>

        <br>

        <p class="msipfooter2e508c49" style="margin:0" align="Left"><span

            style="font-size:8.0pt;font-family:Calibri;color:#000000">Sensitivity:

            Internal</span></p>

      </div>

      <br>

      <fieldset class="mimeAttachmentHeader"></fieldset>

      <br>

      <pre wrap="">_______________________________________________

Opendnssec-user mailing list

<a class="moz-txt-link-abbreviated" href="mailto:Opendnssec-user@lists.opendnssec.org">Opendnssec-user@lists.opendnssec.org</a>

<a class="moz-txt-link-freetext" href="https://lists.opendnssec.org/mailman/listinfo/opendnssec-user">https://lists.opendnssec.org/mailman/listinfo/opendnssec-user</a>

</pre>

    </blockquote>

    <br>

    <pre class="moz-signature" cols="72">-- 

Abdulkareem H. Ali

Operations Team Leader

CentralNic Group PLC

London Stock Exchange Symbol: CNIC


+44 20 3388 0600

<a class="moz-txt-link-abbreviated" href="http://www.CentralNic.com">www.CentralNic.com</a>


CentralNic Group PLC is a company registered in England and Wales with

company number 8576358. Registered Offices: 35-39 Moorgate, London, EC2R

6AR.

</pre>

  </body>

</html>