[Opendnssec-user] trouble with default kasp

brendan sheridan sheridan at CS.ColoState.EDU
Thu Aug 6 02:32:20 UTC 2009


Hey again,

Thanks for your help. Embarrassingly enough, we had missed the ksmutil
setup step in the documentation.

We seem to have gotten the signer more or less working, but we were hoping
you could also clarify the format for the unsigned zone file, as we've 
only been able to have it sign flattened records with no SOA, i.e.

bill IN A 192.168.0.3
www IN CNAME fred
ns1 IN AAAA 2005:1023:1023::2

Thanks,
Brendan Sheridan

On Wed, 5 Aug 2009, Mattias Andersson wrote:

> Hi, I guess you have missed one step before that.
>
> You first have to once run
> ksmutil setup
> this will create your database.
>
> A second thing then, it should be
>
> ksmutil addzone example.com default /var/opendnssec/signconf/example.com.xml
> /var/opendnssec/unsigned/example.com /var/opendnssec/signed/example.com
>
> Good luck
>
> /Mattias
>
> sheridan at CS.ColoState.EDU skrev:
>> Hi, we're trying to get opendnssec up and running on some Debian-based
>> systems (etch, Ubuntu hardy/jaunty). We've got it installed and we're
>> trying to do our first signing. However, when we run:
>> 
>> ksmutil addzone example.com default /etc/opendnssec/kasp.xml
>> /var/opendnssec/unsigned/example.com /var/opendnssec/signed/example.com
>> 
>> we get a failure message:
>> 
>> zonelist filename set to /etc/opendnssec/zonelist.xml.
>> SQLite database set to: /var/opendnssec/kasp.db
>> ERROR: error executing SQL - no such table: policiesERROR: database
>> operation failed - no such table: policiesError, can't find policy :
>> default
>> Failed to update zones
>> 
>> which we take to mean that it can't find the default policy specified in
>> /etc/opendnssec/kasp.xml, but we're using the example file and it clearly
>> has a policy listed out with <Policy name="default">.
>> 
>> If we try to add the zone manually (without ksmutil) we get as far as
>> signer_engine_cli:
>> cmd> sign all
>> 
>> Error handling command: 'NoneType' object has no attribute
>> 'signatures_resign_time'Traceback (most recent call last):
>>   File "/usr/local/opendnssec/lib/opendnssec/signer/Engine.py", line 240,
>> in handle_command
>>     self.schedule_signing(zone)
>>   File "/usr/local/opendnssec/lib/opendnssec/signer/Engine.py", line 516,
>> in schedule_signing
>>     str(zone.zone_config.signatures_resign_time))
>> AttributeError: 'NoneType' object has no attribute 'signatures_resign_time'
>> 
>> Which we take to be the same problem? Any suggestions you can give us
>> would be highly appreciated.
>> 
>> Thanks,
>> Brendan Sheridan.
>> 


