[Opendnssec-develop] Problem with signing

Rick Zijlker rick.zijlker at sidn.nl
Mon Oct 26 10:59:43 UTC 2009


Hey all,

Thanks for all the replies. I just installed beta4 but it looks like
there is still some reference to beta3:

rick at OpenDNSSEC:~/opendnssec-1.0.0b4/bin$ sudo ods-control start
Starting signer engine...
OpenDNSSEC signer engine version 1.0.0b3
Zone list updated: 0 removed, 1 added, 0 updated
running as pid 18234
Starting enforcer...
OpenDNSSEC ods-enforcerd started (version 1.0.0b3), pid 18236

Anyhow, I still get the same messages when signing my zone. Included
full log now, just in case it's needed:

Oct 26 11:43:48 OpenDNSSEC ods-signerd: Preprocessing zone: rick.nl
Oct 26 11:43:48 OpenDNSSEC ods-signerd: No information yet for key 86a68fb1d4c5f13e136fea49f516b901
Oct 26 11:43:48 OpenDNSSEC ods-signerd: Generating DNSKEY RR for 86a68fb1d4c5f13e136fea49f516b901
Oct 26 11:43:48 OpenDNSSEC ods-signerd: create_dnskey status: 0
Oct 26 11:43:48 OpenDNSSEC ods-signerd: equality: True
Oct 26 11:43:48 OpenDNSSEC ods-signerd: Found key 86a68fb1d4c5f13e136fea49f516b901
Oct 26 11:43:48 OpenDNSSEC ods-signerd: No information yet for key 9ddcc27e593f30262d2e9ed07fc62050
Oct 26 11:43:48 OpenDNSSEC ods-signerd: Generating DNSKEY RR for 9ddcc27e593f30262d2e9ed07fc62050
Oct 26 11:43:48 OpenDNSSEC ods-signerd: create_dnskey status: 0
Oct 26 11:43:48 OpenDNSSEC ods-signerd: equality: True
Oct 26 11:43:48 OpenDNSSEC ods-signerd: Found key 9ddcc27e593f30262d2e9ed07fc62050
Oct 26 11:43:48 OpenDNSSEC ods-signerd: No information yet for key 4ca3fc29814d44c9fa6f65ce15d3002e
Oct 26 11:43:48 OpenDNSSEC ods-signerd: Generating DNSKEY RR for 4ca3fc29814d44c9fa6f65ce15d3002e
Oct 26 11:43:48 OpenDNSSEC ods-signerd: create_dnskey status: 0
Oct 26 11:43:48 OpenDNSSEC ods-signerd: equality: True
Oct 26 11:43:48 OpenDNSSEC ods-signerd: Found key 4ca3fc29814d44c9fa6f65ce15d3002e
Oct 26 11:43:48 OpenDNSSEC ods-signerd: No information yet for key c3bb107f6ee9c397d231cb7a78b30a4e
Oct 26 11:43:48 OpenDNSSEC ods-signerd: Generating DNSKEY RR for c3bb107f6ee9c397d231cb7a78b30a4e
Oct 26 11:43:48 OpenDNSSEC ods-signerd: create_dnskey status: 0
Oct 26 11:43:48 OpenDNSSEC ods-signerd: equality: True
Oct 26 11:43:48 OpenDNSSEC ods-signerd: Found key c3bb107f6ee9c397d231cb7a78b30a4e
Oct 26 11:43:48 OpenDNSSEC ods-signerd: Run command: '/usr/local/libexec/opendnssec/zone_reader -o rick.nl -w /var/opendnssec/tmp/rick.nl.processed -n -t 5 -a 1 -s 4b6e62787e55936b'
Oct 26 11:43:48 OpenDNSSEC ods-signerd: Writing file to zone_reader: /var/opendnssec/tmp/rick.nl.sorted
Oct 26 11:43:48 OpenDNSSEC ods-signerd: Done preprocessing
Oct 26 11:43:48 OpenDNSSEC ods-signerd: NSEC(3)ing zone: rick.nl
Oct 26 11:43:48 OpenDNSSEC ods-signerd: Run command: '/usr/local/libexec/opendnssec/nsec3er -o rick.nl -t 5 -a 1 -i /var/opendnssec/tmp/rick.nl.processed -w /var/opendnssec/tmp/rick.nl.nsecced -m 3600 -s 4b6e62787e55936b -p'
Oct 26 11:43:48 OpenDNSSEC ods-signerd: stderr from nseccer: nsec3er: 2 NSEC3 records generated within a second
Oct 26 11:43:48 OpenDNSSEC ods-signerd: Run command: '/usr/local/libexec/opendnssec/signer -c /etc/opendnssec/conf.xml -p /var/opendnssec/tmp/rick.nl.signed -w /var/opendnssec/tmp/rick.nl.signed2 -r'
Oct 26 11:43:48 OpenDNSSEC ods-signerd: write to subp:
Oct 26 11:43:48 OpenDNSSEC ods-signerd: write to subp: :origin rick.nl
Oct 26 11:43:48 OpenDNSSEC ods-signerd: write to subp: :soa_ttl 3600
Oct 26 11:43:48 OpenDNSSEC ods-signerd: write to subp: :soa_minimum 3600
Oct 26 11:43:48 OpenDNSSEC ods-signerd: Run command: '/usr/local/libexec/opendnssec/get_serial -f /var/opendnssec/signed/rick.nl'
Oct 26 11:43:48 OpenDNSSEC ods-signerd: Warning: get_serial returned 1
Oct 26 11:43:48 OpenDNSSEC ods-signerd: set serial to 1256553828
Oct 26 11:43:48 OpenDNSSEC ods-signerd: write to subp: :expiration 20091102104348
Oct 26 11:43:48 OpenDNSSEC ods-signerd: write to subp: :expiration_denial 20091102104348
Oct 26 11:43:48 OpenDNSSEC ods-signerd: write to subp: :jitter 43200
Oct 26 11:43:48 OpenDNSSEC ods-signerd: write to subp: :inception 20091026103848
Oct 26 11:43:48 OpenDNSSEC ods-signerd: write to subp: :refresh 20091030104348
Oct 26 11:43:48 OpenDNSSEC ods-signerd: write to subp: :refresh_denial 20091030104348
Oct 26 11:43:48 OpenDNSSEC ods-signerd: use signature key: 86a68fb1d4c5f13e136fea49f516b901
Oct 26 11:43:48 OpenDNSSEC ods-signerd: write to subp: :add_ksk 86a68fb1d4c5f13e136fea49f516b901 7 257
Oct 26 11:43:48 OpenDNSSEC ods-signerd: use signature key: 4ca3fc29814d44c9fa6f65ce15d3002e
Oct 26 11:43:48 OpenDNSSEC ods-signerd: write to subp: :add_zsk 4ca3fc29814d44c9fa6f65ce15d3002e 7 256
Oct 26 11:43:48 OpenDNSSEC ods-signerd: signer stderr: Warning: unable to open /var/opendnssec/tmp/rick.nl.signed: No such file or directory, performing full zone sign
Oct 26 11:43:48 OpenDNSSEC ods-signerd: signer stderr: signer: number of signatures created: 8 (within a second)
Oct 26 11:43:48 OpenDNSSEC ods-signerd: Created 8 new signatures
Oct 26 11:43:48 OpenDNSSEC ods-signerd: Run command: '/usr/local/libexec/opendnssec/finalizer -f /var/opendnssec/tmp/rick.nl.signed'
Oct 26 11:43:48 OpenDNSSEC ods-signerd: Running auditor on zone
Oct 26 11:43:48 OpenDNSSEC ods-signerd: Run command: '/usr/local/bin/ods-auditor -c /etc/opendnssec/conf.xml -s /var/opendnssec/tmp/rick.nl.finalized -z rick.nl'
Oct 26 11:43:49 OpenDNSSEC ods-auditor[18269]: SOA differs : from 2002022401 to 1256553828
Oct 26 11:43:49 OpenDNSSEC ods-auditor[18269]: Auditing rick.nl zone : NSEC3 SIGNED
Oct 26 11:43:49 OpenDNSSEC ods-auditor[18269]: non-DNSSEC RRSet MX included in Output that was not present in Input : rick.nl.^I3600^IIN^IMX^I10 mail.another.nl
Oct 26 11:43:49 OpenDNSSEC ods-auditor[18269]: non-DNSSEC RRSet NS included in Output that was not present in Input : rick.nl.^I3600^IIN^INS^Ins1.rick.nl
Oct 26 11:43:49 OpenDNSSEC ods-auditor[18269]: non-DNSSEC RRSet NS included in Output that was not present in Input : rick.nl.^I3600^IIN^INS^Ins2.smokeyjoe.nl
Oct 26 11:43:49 OpenDNSSEC ods-auditor[18269]: Output zone does not contain non-DNSSEC RRSet : MX, IN.rick.nl.^I3600^IIN^IMX^I10 mail.another.nl
Oct 26 11:43:49 OpenDNSSEC ods-auditor[18269]: Output zone does not contain non-DNSSEC RRSet : NS, IN.rick.nl.^I3600^IIN^INS^Ins1.rick.nl
Oct 26 11:43:49 OpenDNSSEC ods-auditor[18269]: Output zone does not contain non-DNSSEC RRSet : NS, IN.rick.nl.^I3600^IIN^INS^Ins2.smokeyjoe.nl
Oct 26 11:43:49 OpenDNSSEC ods-auditor[18269]: Finished auditing rick.nl zone
Oct 26 11:43:49 OpenDNSSEC ods-signerd: Auditor result: 3
Oct 26 11:43:49 OpenDNSSEC ods-signerd: worker 1 acquiring lock
Oct 26 11:43:49 OpenDNSSEC ods-signerd: worker 1 acquired lock
Oct 26 11:43:49 OpenDNSSEC ods-signerd: no task for worker 1, sleep for 7198.98547602
Oct 26 11:43:49 OpenDNSSEC ods-signerd: worker 1 released lock by going to wait (for ttime)

I'm going to try to import the zone into BIND to check if it also rejects
the zone file. Maybe there is something terribly wrong with it.

Cheers,

Rick

From: Alexd at nominet.org.uk [mailto:Alexd at nominet.org.uk]
Sent: Monday, 26 October 2009 11:11
To: Matthijs Mekking
Cc: opendnssec-develop at lists.opendnssec.org;
opendnssec-develop-bounces at lists.opendnssec.org; Rick Zijlker
Subject: Re: [Opendnssec-develop] Problem with signing

> To conclude, I think this is an auditor issue.

This temporary auditor issue was resolved on Friday. I am not aware of
any current issues with the auditor. 


Alex.
