[Opendnssec-user] RE: Build problem with Beta 2 version of OpenDNSSEC

Sitowitz, Paul PSitowitz at verisign.com
Tue Oct 13 23:03:37 UTC 2009 

Hello,

 

I just finished installing OpenDNSSEC 1.0.0b1 and updated my conf.xml
and kasp.xml, setup the slot Db for softHSM and the kasp db, and created
a zone file that I added with ods-signer with no issues. When I use
ods-sign test-zone.nl (name of my zone file) to sign my zone, the signer
conf file is correctly created BUT I run into the following error logged
to /var/log/messages indicating  that the temporary signed zone file can
NOT be created:

 

Oct 13 10:32:01 pcie ods-signerd: Received command: 'sign test-zone.nl'

Oct 13 10:32:01 pcie ods-signerd: Scheduling task to sign zone
test-zone.nl at 1255439313.78 with resign time 7200

Oct 13 10:32:01 pcie ods-signerd: acquire cond

Oct 13 10:32:01 pcie ods-signerd: notify

Oct 13 10:32:01 pcie ods-signerd: release cond

Oct 13 10:32:01 pcie ods-signerd: Releasing lock on engine

Oct 13 10:32:01 pcie ods-signerd: Sending response: Zone scheduled for
immediate resign  

Oct 13 10:32:01 pcie ods-signerd: worker 3 acquiring lock

Oct 13 10:32:01 pcie ods-signerd: worker 3 acquired lock

Oct 13 10:32:01 pcie ods-signerd: worker 3 released lock

Oct 13 10:32:01 pcie ods-signerd: Got task for worker 3

Oct 13 10:32:01 pcie ods-signerd: Worker 3 run task

Oct 13 10:32:01 pcie ods-signerd: Zone action to perform: 4

Oct 13 10:32:01 pcie ods-signerd: Run command:
'/usr/local/libexec/opendnssec/get_serial -f
/usr/local/var/opendnssec/signed/test-zone.nl'

Oct 13 10:32:01 pcie ods-signerd: Done handling command

Oct 13 10:32:01 pcie ods-signerd: Warning: get_serial returned 1

Oct 13 10:32:01 pcie ods-signerd: Run command:
'/usr/local/libexec/opendnssec/get_serial -f
/usr/local/var/opendnssec/unsigned/test-zone.nl'

Oct 13 10:32:01 pcie ods-signerd: Sorting zone: test-zone.nl

Oct 13 10:32:01 pcie ods-signerd: Run command:
'/usr/local/libexec/opendnssec/sorter -o test-zone.nl -f
/usr/local/var/opendnssec/unsigned/test-zone.nl -w
/usr/local/var/opendnssec/tmp/test-zone.nl.sorted'

Oct 13 10:32:01 pcie ods-signerd: Done sorting

Oct 13 10:32:01 pcie ods-signerd: Preprocessing zone: test-zone.nl

Oct 13 10:32:01 pcie ods-signerd: Run command:
'/usr/local/libexec/opendnssec/zone_reader -o test-zone.nl -w
/usr/local/var/opendnssec/tmp/test-zone.nl.processed -n -t 5 -a 1 -s
a50fd0e6b08eb60c'

Oct 13 10:32:01 pcie ods-signerd: Writing file to zone_reader:
/usr/local/var/opendnssec/tmp/test-zone.nl.sorted

Oct 13 10:32:01 pcie ods-signerd: Done preprocessing

Oct 13 10:32:01 pcie ods-signerd: NSEC(3)ing zone: test-zone.nl

Oct 13 10:32:01 pcie ods-signerd: Run command:
'/usr/local/libexec/opendnssec/nsec3er -o test-zone.nl -t 5 -a 1 -i
/usr/local/var/opendnssec/tmp/test-zone.nl.processed -w
/usr/local/var/opendnssec/tmp/test-zone.nl.nsecced -s a50fd0e6b08eb60c
-p'

Oct 13 10:32:01 pcie ods-signerd: Run command:
'/usr/local/libexec/opendnssec/signer -c /etc/opendnssec/conf.xml -p
/usr/local/var/opendnssec/tmp/test-zone.nl.signed -w
/usr/local/var/opendnssec/tmp/test-zone.nl.signed2 -r'

Oct 13 10:32:01 pcie ods-signerd: write to subp:  

Oct 13 10:32:01 pcie ods-signerd: write to subp: :origin test-zone.nl

Oct 13 10:32:01 pcie ods-signerd: write to subp: :soa_ttl 3600

Oct 13 10:32:01 pcie ods-signerd: write to subp: :soa_minimum 3600

Oct 13 10:32:01 pcie ods-signerd: Run command:
'/usr/local/libexec/opendnssec/get_serial -f
/usr/local/var/opendnssec/signed/test-zone.nl'

Oct 13 10:32:01 pcie ods-signerd: Warning: get_serial returned 1

Oct 13 10:32:01 pcie ods-signerd: set serial to 1255444321

Oct 13 10:32:01 pcie ods-signerd: write to subp: :expiration
20091020143201

Oct 13 10:32:01 pcie ods-signerd: write to subp: :expiration_denial
20091027143201

Oct 13 10:32:01 pcie ods-signerd: write to subp: :jitter 43200

Oct 13 10:32:01 pcie ods-signerd: write to subp: :inception
20091013142701

Oct 13 10:32:01 pcie ods-signerd: write to subp: :refresh 20091017143201

Oct 13 10:32:01 pcie ods-signerd: write to subp: :refresh_denial
20091024143201

Oct 13 10:32:01 pcie ods-signerd: use signature key:
7ae2b8750e5160637670c6c7482a88e7

Oct 13 10:32:01 pcie ods-signerd: write to subp: :add_ksk
7ae2b8750e5160637670c6c7482a88e7 7 257

Oct 13 10:32:01 pcie ods-signerd: use signature key:
3bf3aec7c548f229dd156a4d472e14d7

Oct 13 10:32:01 pcie ods-signerd: write to subp: :add_zsk
3bf3aec7c548f229dd156a4d472e14d7 7 256

Oct 13 10:32:01 pcie ods-signerd: signer stderr: Warning: unable to open
/usr/local/var/opendnssec/tmp/test-zone.nl.signed: No such file or
directory, performing full zone sign 

Oct 13 10:32:01 pcie ods-signerd: signer stderr: signer: number of
signatures created: 0 (within a second) 

Oct 13 10:32:01 pcie ods-signerd: No new signatures, keeping zone

Oct 13 10:32:01 pcie ods-signerd: worker 3 acquiring lock

Oct 13 10:32:01 pcie ods-signerd: worker 3 acquired lock

Oct 13 10:32:01 pcie ods-signerd: no task for worker 3, sleep for
7199.96837401

Oct 13 10:32:01 pcie ods-signerd: worker 3 released lock by going to
wait (for ttime)

Oct 13 10:33:30 pcie ods-signerd: Connection closed by peer

 

The signed zone file is Not created in  the signed folder. 

 

Do you have any suggestions of how I can resolve this issue? I checked
file permissions and that was not the issue.

 

Is there a way to increase logging verbosity to get more information
about what is happening?

 

As always, thanks for your help and support!

 

Paul

________________________________

From: Sitowitz, Paul 
Sent: Tuesday, October 13, 2009 11:53 AM
To: 'opendnssec-user at lists.opendnssec.org'
Subject: Build problem with Beta 2 version of OpenDNSSEC

 

Hello,

 

I just downloaded both the opendnssec-1.0.0b2.tar.gz
<http://www.opendnssec.org/files/source/opendnssec-1.0.0b2.tar.gz>  and 
opendnssec-1.0.0b2.tar.gz
<http://www.opendnssec.org/files/source/opendnssec-1.0.0b2.tar.gz>
distributions to build and install on a RHEL5.3 system. While the first
Beta version built and installed with no problems, I encountered the
following issue while trying to build the second Beta version:

 

Making all in utils

make[2]: Entering directory
`/usr/src/redhat/openDNSSEC/new-oct-12-2009/opendnssec-1.0.0b2/enforcer/
utils'

/bin/sh ../libtool --tag=CC   --mode=link gcc -std=c99 -g -O2 -pedantic
-Wall -Wextra   -o ods-ksmutil ksmutil.o ../ksm/libksm.a -lxml2 -lz -lm
-L/usr/local/lib -lsqlite3 -L../../libhsm/src/.libs -lhsm
-L/usr/local/lib -lnsl  -lcrypto -lldns  

libtool: link: gcc -std=c99 -g -O2 -pedantic -Wall -Wextra -o
ods-ksmutil ksmutil.o  ../ksm/libksm.a -L/usr/local/lib
/usr/local/lib/libsqlite3.so -lpthread
-L/usr/src/redhat/openDNSSEC/new-oct-12-2009/opendnssec-1.0.0b2/libhsm/s
rc/.libs /usr/local/lib/libhsm.so -lxml2 -lz -lm -ldl
/usr/local/lib/libldns.so -lnsl -lcrypto -Wl,-rpath -Wl,/usr/local/lib
-Wl,-rpath -Wl,/usr/local/lib

ksmutil.o: In function `cmd_genkeys':

/usr/src/redhat/openDNSSEC/new-oct-12-2009/opendnssec-1.0.0b2/enforcer/u
tils/ksmutil.c:5810: undefined reference to `hsm_supported_algorithm'

/usr/src/redhat/openDNSSEC/new-oct-12-2009/opendnssec-1.0.0b2/enforcer/u
tils/ksmutil.c:5885: undefined reference to `hsm_supported_algorithm'

ksmutil.o: In function `cmd_import':

/usr/src/redhat/openDNSSEC/new-oct-12-2009/opendnssec-1.0.0b2/enforcer/u
tils/ksmutil.c:2981: undefined reference to `hsm_supported_algorithm'

collect2: ld returned 1 exit status

make[2]: *** [ods-ksmutil] Error 1

make[2]: Leaving directory
`/usr/src/redhat/openDNSSEC/new-oct-12-2009/opendnssec-1.0.0b2/enforcer/
utils'

make[1]: *** [all-recursive] Error 1

make[1]: Leaving directory
`/usr/src/redhat/openDNSSEC/new-oct-12-2009/opendnssec-1.0.0b2/enforcer'

make: *** [all-recursive] Error 1

 

Do you have any suggestions on how to fix this build issue?

 

Thanks,

 

Paul

 

________________________________

P a u l   S i t o w i t z

Naming Engineering

  
  

21345 Ridgetop Circle

Dulles, VA 20166-6503 

 

psitowitz at verisign.com <BLOCKED::mailto:psitowitz at verisign.com>  

(email)

703-948-3298        

(office)

703-626-3593          

(mobile)

 

This message is intended for the use of the individual or entity to
which it is addressed, and may contain information that is privileged,
Confidential and exempt from disclosure under applicable law. Any
unauthorized use, distribution, or disclosure is strictly prohibited. If
you have received this message in error, please notify sender
immediately and destroy/delete the original transmission

________________________________

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20091013/d0355fd3/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 894 bytes
Desc: image001.jpg
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20091013/d0355fd3/attachment.jpg>

More information about the Opendnssec-user mailing list