[Opendnssec-develop] bug with adding zones on opendnssec trunk
Patrik Wallström
patrik.wallstrom at iis.se
Mon Sep 6 08:32:44 UTC 2010
On Sep 6, 2010, at 9:29 AM, Sion Lloyd wrote:
>
> On Saturday 04 Sep 2010 9:44:03 am Patrik Wallström wrote:
>> Add some zones using ods-ksmutil zone add. Then do ods-ksmutil update
>> zonelist, and all the (added) zones are removed from the configuration.
>> This was a really unexpected behaviour. But what should happen? Using zone
>> add the zones were never added to the zonelist.xml though, so I guess it
>> is correct, but the problem might be zone add.
>
> Are you using the --no-xml flag? There is an issue where adding zones to the
> database only followed by an update removes zones which don't exist in the
> database. (Normally we regard the zonelist as the authority.)
I did not use the --no-xml flag.
> So if you add zones without altering the xml you need to use the "ods-ksmutil
> zonelist export" command to create a new zonelist that reflects the database.
>
> Is it the case that the --no-xml flag is defaulting to on? What message do you
> get when you do a zone add?
I spent some time testing this now.
The problem (still) seems to be that if I start up the system from scratch, with no zones added, and the zonelist is empty - is that I get this error message (without --no-xml) when adding zones:
Not enough keys to satisfy zsk policy for zone: 6suffix.orgods-enforcerd will create some more keys on its next runError allocating zsks to zone 6suffix.orgFailed to Link Keys to zone
And also, nothing is added to zonelist.xml.
If I do exactly the same thing, but before starting the system add an example.com zone and setup the system with that, all new zones are added just fine with this message:
"Imported zone: 6suffix.org"
What is --no-xml used for? Can I run the system without any dependency on zonelist.xml?
--
Patrik Wallström
Project Manager, R&D
.SE (Stiftelsen för Internetinfrastruktur)
E-mail: patrik.wallstrom at iis.se
Web: http://www.iis.se/
More information about the Opendnssec-develop
mailing list