[Opendnssec-develop] ODS signs a zone twice initially
Rick Zijlker
rick.zijlker at sidn.nl
Thu Mar 4 15:05:51 UTC 2010
Hey all,
It seems like ODS always signs a zone twice initially. Is that as
intended? I didn't expect this. Resign was set to 2 hours, but the
signing only took 41 minutes. So that shouldn't be the cause.
Mar 4 13:00:26 signer1 ods-signerd: Scheduling task to sign zone nl at
1267704026.4 with resign time 7200
Mar 4 13:00:26 signer1 ods-signerd: Scheduling task to sign zone nl at
1267704026.4 with resign time 7200
Mar 4 13:00:26 signer1 ods-signerd: Zone nl added
Mar 4 13:00:26 signer1 ods-signerd: opening socket:
/var/run/opendnssec/engine.sock
Mar 4 13:00:26 signer1 ods-signerd: Engine running
Mar 4 13:00:26 signer1 ods-enforcerd: opendnssec-enforcer starting...
Mar 4 13:00:26 signer1 ods-enforcerd: opendnssec-enforcer Parent
exiting...
Mar 4 13:00:26 signer1 ods-enforcerd: opendnssec-enforcer forked OK...
Mar 4 13:00:26 signer1 ods-enforcerd: opendnssec-enforcer started
(version 1.0.0rc4-trunk), pid 14500
Mar 4 13:00:26 signer1 ods-enforcerd: HSM opened successfully.
Mar 4 13:00:26 signer1 ods-enforcerd: Reading config
"/etc/opendnssec/conf.xml"
Mar 4 13:00:26 signer1 ods-enforcerd: Reading config schema
"/usr/local/share/opendnssec/conf.rng"
Mar 4 13:00:26 signer1 ods-enforcerd: Communication Interval: 3600
Mar 4 13:00:26 signer1 ods-enforcerd: SQLite database set to:
/var/opendnssec/kasp.db
Mar 4 13:00:26 signer1 ods-enforcerd: Log User set to: local0
Mar 4 13:00:26 signer1 ods-enforcerd: Switched log facility to: local0
Mar 4 13:00:26 signer1 ods-enforcerd: Connecting to Database...
Mar 4 13:00:26 signer1 ods-enforcerd: Policy default found.
Mar 4 13:00:26 signer1 ods-enforcerd: Key sharing is Off.
Mar 4 13:00:26 signer1 ods-signerd: Zone action to perform: 3
Mar 4 13:00:26 signer1 ods-signerd: Resorting signed zone: nl
Mar 4 13:00:26 signer1 ods-signerd: stderr from sorter: Number of
records sorted: 12
Mar 4 13:00:26 signer1 ods-signerd: Preprocessing signed zone: nl
Mar 4 13:00:27 signer1 ods-signerd: Sorting zone: nl
Mar 4 13:00:29 signer1 ods-enforcerd: SoftHSM: C_GenerateKeyPair: Key
pair generated
Mar 4 13:00:29 signer1 ods-enforcerd: Created KSK size: 2048, alg: 7
with id: 391bfa8cab90cb650ddc8c804ce78f7d in repository: softHSM and
database.
Mar 4 13:00:30 signer1 ods-enforcerd: SoftHSM: C_GenerateKeyPair: Key
pair generated
Mar 4 13:00:30 signer1 ods-enforcerd: Created KSK size: 2048, alg: 7
with id: ad980ec78864e3538fd222f83a6f4592 in repository: softHSM and
database.
Mar 4 13:00:30 signer1 ods-enforcerd: SoftHSM: C_GenerateKeyPair: Key
pair generated
Mar 4 13:00:30 signer1 ods-enforcerd: Created ZSK size: 1024, alg: 7
with id: f8a856fa42673a82c04a0a2f028e48d3 in repository: softHSM and
database.
Mar 4 13:00:30 signer1 ods-enforcerd: SoftHSM: C_GenerateKeyPair: Key
pair generated
Mar 4 13:00:30 signer1 ods-enforcerd: Created ZSK size: 1024, alg: 7
with id: 7864bffa0e939e7f060b55178a272b56 in repository: softHSM and
database.
Mar 4 13:00:30 signer1 ods-enforcerd: zonelist filename set to
/etc/opendnssec/zonelist.xml.
Mar 4 13:00:30 signer1 ods-enforcerd: Zone nl found.
Mar 4 13:00:30 signer1 ods-enforcerd: Policy for nl set to default.
Mar 4 13:00:30 signer1 ods-enforcerd: Config will be output to
/var/opendnssec/signconf/nl.xml.
Mar 4 13:00:31 signer1 ods-enforcerd: INFO: Promoting KSK from publish
to active as this is the first pass for the zone
Mar 4 13:00:31 signer1 ods-enforcerd: WARNING: Making non-backed up KSK
active, PLEASE make sure that you know the potential problems of using
keys which are not recoverable
Mar 4 13:00:31 signer1 ods-enforcerd: INFO: Promoting ZSK from publish
to active as this is the first pass for the zone
Mar 4 13:00:31 signer1 ods-enforcerd: WARNING: Making non-backed up ZSK
active, PLEASE make sure that you know the potential problems of using
keys which are not recoverable
Mar 4 13:00:31 signer1 ods-signerd: Received command: 'update nl'
Mar 4 13:00:31 signer1 ods-signerd: Scheduling task to sign zone nl,
zone in progress, scheduling as soon as possible
Mar 4 13:00:31 signer1 ods-enforcerd: Could not call signer engine
Mar 4 13:00:31 signer1 ods-enforcerd: Will continue: call 'ods-signer
update' to manually update zones
Mar 4 13:00:31 signer1 ods-enforcerd: Disconnecting from Database...
Mar 4 13:00:31 signer1 ods-enforcerd: Sleeping for 3600 seconds.
Mar 4 13:00:31 signer1 ods-signerd: Client socket shut down
Mar 4 13:06:11 signer1 ods-signerd: stderr from sorter: Number of
records sorted: 8807860
Mar 4 13:06:11 signer1 ods-signerd: Nseccing zone: nl
Mar 4 13:06:11 signer1 ods-signerd: No information yet for key
391bfa8cab90cb650ddc8c804ce78f7d
Mar 4 13:06:11 signer1 ods-signerd: Generating DNSKEY RR for
391bfa8cab90cb650ddc8c804ce78f7d
Mar 4 13:06:11 signer1 ods-signerd: Found key
391bfa8cab90cb650ddc8c804ce78f7d
Mar 4 13:06:11 signer1 ods-signerd: No information yet for key
ad980ec78864e3538fd222f83a6f4592
Mar 4 13:06:11 signer1 ods-signerd: Generating DNSKEY RR for
ad980ec78864e3538fd222f83a6f4592
Mar 4 13:06:11 signer1 ods-signerd: Found key
ad980ec78864e3538fd222f83a6f4592
Mar 4 13:06:11 signer1 ods-signerd: No information yet for key
f8a856fa42673a82c04a0a2f028e48d3
Mar 4 13:06:11 signer1 ods-signerd: Generating DNSKEY RR for
f8a856fa42673a82c04a0a2f028e48d3
Mar 4 13:06:11 signer1 ods-signerd: Found key
f8a856fa42673a82c04a0a2f028e48d3
Mar 4 13:06:11 signer1 ods-signerd: No information yet for key
7864bffa0e939e7f060b55178a272b56
Mar 4 13:06:11 signer1 ods-signerd: Generating DNSKEY RR for
7864bffa0e939e7f060b55178a272b56
Mar 4 13:06:11 signer1 ods-signerd: Found key
7864bffa0e939e7f060b55178a272b56
Mar 4 13:31:57 signer1 ods-signerd: signer stderr: signer: number of
signatures created: 723247 (611 rr/sec)
Mar 4 13:31:57 signer1 ods-signerd: Created 723247 new signatures
Mar 4 13:32:27 signer1 ods-signerd: Running auditor on zone
Mar 4 13:32:28 signer1 ods-auditor[14985]: Auditor started
Mar 4 13:32:28 signer1 ods-auditor[14985]: Auditor starting on nl
Mar 4 13:32:28 signer1 ods-auditor[14985]: Auditing nl zone : NSEC3
SIGNED
Mar 4 13:39:31 signer1 ods-auditor[14985]: SOA differs : from
2009111707 to 1267704734
Mar 4 13:39:42 signer1 ods-auditor[14985]: Key (25673) has gone
straight to active use without a prepublished phase
Mar 4 13:39:42 signer1 ods-auditor[14985]: Key (63901) has gone
straight to active use without a prepublished phase
Mar 4 13:39:42 signer1 ods-auditor[14985]: Finished auditing nl zone
Mar 4 13:39:42 signer1 ods-signerd: Auditor result: 3
Mar 4 13:39:42 signer1 ods-signerd: Zone action to perform: 3
Mar 4 13:39:42 signer1 ods-signerd: Resorting signed zone: nl
Mar 4 13:40:52 signer1 ods-signerd: stderr from sorter: Number of
records sorted: 1203193
Mar 4 13:40:52 signer1 ods-signerd: Preprocessing signed zone: nl
Mar 4 13:41:47 signer1 ods-signerd: Sorting zone: nl
Mar 4 13:47:36 signer1 ods-signerd: stderr from sorter: Number of
records sorted: 8807860
Mar 4 13:47:36 signer1 ods-signerd: Nseccing zone: nl
Mar 4 14:00:31 signer1 ods-enforcerd: Reading config
"/etc/opendnssec/conf.xml"
Mar 4 14:00:31 signer1 ods-enforcerd: Reading config schema
"/usr/local/share/opendnssec/conf.rng"
Mar 4 14:00:31 signer1 ods-enforcerd: Communication Interval: 3600
Mar 4 14:00:31 signer1 ods-enforcerd: SQLite database set to:
/var/opendnssec/kasp.db
Mar 4 14:00:31 signer1 ods-enforcerd: Log User set to: local0
Mar 4 14:00:31 signer1 ods-enforcerd: Switched log facility to: local0
Mar 4 14:00:31 signer1 ods-enforcerd: Connecting to Database...
Mar 4 14:00:31 signer1 ods-enforcerd: Policy default found.
Mar 4 14:00:31 signer1 ods-enforcerd: Key sharing is Off.
Mar 4 14:00:31 signer1 ods-enforcerd: zonelist filename set to
/etc/opendnssec/zonelist.xml.
Mar 4 14:00:31 signer1 ods-enforcerd: Zone nl found.
Mar 4 14:00:31 signer1 ods-enforcerd: Policy for nl set to default.
Mar 4 14:00:31 signer1 ods-enforcerd: Config will be output to
/var/opendnssec/signconf/nl.xml.
Mar 4 14:00:31 signer1 ods-enforcerd: No change to:
/var/opendnssec/signconf/nl.xml
Mar 4 14:00:31 signer1 ods-enforcerd: Disconnecting from Database...
Mar 4 14:00:31 signer1 ods-enforcerd: Sleeping for 3600 seconds.
Mar 4 14:10:24 signer1 ods-signerd: signer stderr: signer: number of
signatures created: 723247 (686 rr/sec)
Mar 4 14:10:24 signer1 ods-signerd: Created 723247 new signatures
Mar 4 14:10:54 signer1 ods-signerd: Running auditor on zone
Mar 4 14:10:54 signer1 ods-auditor[15561]: Auditor started
Mar 4 14:10:54 signer1 ods-auditor[15561]: Auditor starting on nl
Mar 4 14:10:54 signer1 ods-auditor[15561]: Auditing nl zone : NSEC3
SIGNED
Mar 4 14:18:28 signer1 ods-auditor[15561]: SOA differs : from
2009111707 to 1267707170
Mar 4 14:18:40 signer1 ods-auditor[15561]: Finished auditing nl zone
Mar 4 14:18:40 signer1 ods-signerd: Auditor result: 0
Mar 4 14:18:40 signer1 ods-signerd: Output zone to
/var/opendnssec/signed/nl
Mar 4 14:18:40 signer1 ods-signerd: Stored output serial: 1267707170
Regards,
Rick
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-develop/attachments/20100304/c1fc3d9a/attachment.htm>
More information about the Opendnssec-develop
mailing list