[Opendnssec-develop] [OpenDNSSEC] #179: Auditor problem with srv records and hypens

OpenDNSSEC owner-dnssec-trac at kirei.se
Fri Aug 27 15:40:57 UTC 2010 

#179: Auditor problem with srv records and hypens
------------------------------------------------------+---------------------
Reporter:  Pásztor János <pasja@…>                    |       Owner:  alex   
    Type:  defect                                     |      Status:  new    
Priority:  critical                                   |   Component:  Auditor
 Version:  1.1.1                                      |    Keywords:         
------------------------------------------------------+---------------------
 Hi!

 I've installed OpenDNSSEC 1.1.1, ldns 1.6.6 from source, every other
 dependency from the lenny repositories.

 I've tried to sign my zone with the default policy, and the auditing has
 failed. I've isolated the problem, and made an example.com zone where you
 could reproduce the problem.

 Here is the zone:
 {{{
 $TTL 1d

 @       2560    IN      SOA     ns.example.com. (hostmaster.example.com.
 2010082201 7200 300 1048576 2560)

 @       IN      NS      ns
 ns      A       145.23.12.65

 a       A       156.123.123.123
 b       A       156.123.123.123
 c       A       156.123.123.123

 hypen-hypen     A       145.23.12.65

 i       A       156.123.123.123
 j       A       156.123.123.123
 k       A       156.123.123.123
 nk      A       156.123.123.123

 _sip._udp.niif-deverto 86400 IN SRV 10 10 5060 deverto2.example2.com.
 _sip._udp.niif-deverto 86400 IN SRV 10 20 5060 deverto1.example2.com.
 _sip._udp.niif-deverto 86400 IN SRV 20 0 5060 deverto2.example2.com.

 nv      A       156.123.123.123
 }}}

 And here is the error message:

 {{{
 Aug 27 17:20:10 iszt ods-auditor[2905]: Auditor started
 Aug 27 17:20:10 iszt ods-auditor[2905]: Auditor starting on example.com
 Aug 27 17:20:10 iszt ods-auditor[2905]: SOA differs : from 2010082201 to
 2010082700
 Aug 27 17:20:10 iszt ods-auditor[2905]: Auditing example.com zone : NSEC3
 SIGNED
 Aug 27 17:20:10 iszt ods-auditor[2905]: Can't find NSEC3 for empty
 nonterminal niif-deverto.example.com (should be
 nu9ts1ij799r0lgfgbp9n39hlt1tkk0m.example.com)
 Aug 27 17:20:10 iszt ods-auditor[2905]: Finished auditing example.com zone
 }}}

 If you set <WorkerThreads>1</WorkerThreads> in conf.xml (8 thread is too
 much noise in syslog) and the auditing is failed, and you've got another
 zones in OpenDNSSEC, they won't be signed!

 From syslog
 {{{
 Aug 27 17:20:10 iszt ods-signerd: Auditor result: 3
 Aug 27 17:20:10 iszt ods-signerd: worker 1 acquiring lock
 Aug 27 17:20:10 iszt ods-signerd: worker 1 acquired lock
 Aug 27 17:20:10 iszt ods-signerd: no task for worker 1, sleep for
 7195.82540584
 Aug 27 17:20:10 iszt ods-signerd: worker 1 released lock by going to wait
 (for ttime)
 }}}

-- 
Ticket URL: <http://trac.opendnssec.org/ticket/179>
OpenDNSSEC <http://www.opendnssec.org/>
OpenDNSSEC

More information about the Opendnssec-develop mailing list