[Opendnssec-user] RE: Build problem with Beta 2 version of OpenDNSSEC

Matthijs Mekking matthijs at NLnetLabs.nl
Wed Oct 14 06:20:29 UTC 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Paul,

The warning is a first-time warning of the signer, when it has no
internal zone information yet. Signing a large zone might take a while
in that case. However, it seems to have signed an empty zone.

Did the sorting work? Did the preprocessing work? Did the NSEC3ing work?
You can check it by looking at the files in the tmp/ directory:
test-zone.nl.{sorted, processed, nsecced}

Best regards,

Matthijs

Sitowitz, Paul wrote:
> Hello,
> 
>  
> 
> I just finished installing OpenDNSSEC 1.0.0b1 and updated my conf.xml
> and kasp.xml, setup the slot Db for softHSM and the kasp db, and created
> a zone file that I added with ods-signer with no issues. When I use
> ods-sign test-zone.nl (name of my zone file) to sign my zone, the signer
> conf file is correctly created BUT I run into the following error logged
> to /var/log/messages indicating  that the temporary signed zone file can
> NOT be created:
> 
>  
> 
> Oct 13 10:32:01 pcie ods-signerd: Received command: 'sign test-zone.nl'
> 
> Oct 13 10:32:01 pcie ods-signerd: Scheduling task to sign zone
> test-zone.nl at 1255439313.78 with resign time 7200
> 
> Oct 13 10:32:01 pcie ods-signerd: acquire cond
> 
> Oct 13 10:32:01 pcie ods-signerd: notify
> 
> Oct 13 10:32:01 pcie ods-signerd: release cond
> 
> Oct 13 10:32:01 pcie ods-signerd: Releasing lock on engine
> 
> Oct 13 10:32:01 pcie ods-signerd: Sending response: Zone scheduled for
> immediate resign 
> 
> Oct 13 10:32:01 pcie ods-signerd: worker 3 acquiring lock
> 
> Oct 13 10:32:01 pcie ods-signerd: worker 3 acquired lock
> 
> Oct 13 10:32:01 pcie ods-signerd: worker 3 released lock
> 
> Oct 13 10:32:01 pcie ods-signerd: Got task for worker 3
> 
> Oct 13 10:32:01 pcie ods-signerd: Worker 3 run task
> 
> Oct 13 10:32:01 pcie ods-signerd: Zone action to perform: 4
> 
> Oct 13 10:32:01 pcie ods-signerd: Run command:
> '/usr/local/libexec/opendnssec/get_serial -f
> /usr/local/var/opendnssec/signed/test-zone.nl'
> 
> Oct 13 10:32:01 pcie ods-signerd: Done handling command
> 
> Oct 13 10:32:01 pcie ods-signerd: Warning: get_serial returned 1
> 
> Oct 13 10:32:01 pcie ods-signerd: Run command:
> '/usr/local/libexec/opendnssec/get_serial -f
> /usr/local/var/opendnssec/unsigned/test-zone.nl'
> 
> Oct 13 10:32:01 pcie ods-signerd: Sorting zone: test-zone.nl
> 
> Oct 13 10:32:01 pcie ods-signerd: Run command:
> '/usr/local/libexec/opendnssec/sorter -o test-zone.nl -f
> /usr/local/var/opendnssec/unsigned/test-zone.nl -w
> /usr/local/var/opendnssec/tmp/test-zone.nl.sorted'
> 
> Oct 13 10:32:01 pcie ods-signerd: Done sorting
> 
> Oct 13 10:32:01 pcie ods-signerd: Preprocessing zone: test-zone.nl
> 
> Oct 13 10:32:01 pcie ods-signerd: Run command:
> '/usr/local/libexec/opendnssec/zone_reader -o test-zone.nl -w
> /usr/local/var/opendnssec/tmp/test-zone.nl.processed -n -t 5 -a 1 -s
> a50fd0e6b08eb60c'
> 
> Oct 13 10:32:01 pcie ods-signerd: Writing file to zone_reader:
> /usr/local/var/opendnssec/tmp/test-zone.nl.sorted
> 
> Oct 13 10:32:01 pcie ods-signerd: Done preprocessing
> 
> Oct 13 10:32:01 pcie ods-signerd: NSEC(3)ing zone: test-zone.nl
> 
> Oct 13 10:32:01 pcie ods-signerd: Run command:
> '/usr/local/libexec/opendnssec/nsec3er -o test-zone.nl -t 5 -a 1 -i
> /usr/local/var/opendnssec/tmp/test-zone.nl.processed -w
> /usr/local/var/opendnssec/tmp/test-zone.nl.nsecced -s a50fd0e6b08eb60c -p'
> 
> Oct 13 10:32:01 pcie ods-signerd: Run command:
> '/usr/local/libexec/opendnssec/signer -c /etc/opendnssec/conf.xml -p
> /usr/local/var/opendnssec/tmp/test-zone.nl.signed -w
> /usr/local/var/opendnssec/tmp/test-zone.nl.signed2 -r'
> 
> Oct 13 10:32:01 pcie ods-signerd: write to subp: 
> 
> Oct 13 10:32:01 pcie ods-signerd: write to subp: :origin test-zone.nl
> 
> Oct 13 10:32:01 pcie ods-signerd: write to subp: :soa_ttl 3600
> 
> Oct 13 10:32:01 pcie ods-signerd: write to subp: :soa_minimum 3600
> 
> Oct 13 10:32:01 pcie ods-signerd: Run command:
> '/usr/local/libexec/opendnssec/get_serial -f
> /usr/local/var/opendnssec/signed/test-zone.nl'
> 
> Oct 13 10:32:01 pcie ods-signerd: Warning: get_serial returned 1
> 
> Oct 13 10:32:01 pcie ods-signerd: set serial to 1255444321
> 
> Oct 13 10:32:01 pcie ods-signerd: write to subp: :expiration 20091020143201
> 
> Oct 13 10:32:01 pcie ods-signerd: write to subp: :expiration_denial
> 20091027143201
> 
> Oct 13 10:32:01 pcie ods-signerd: write to subp: :jitter 43200
> 
> Oct 13 10:32:01 pcie ods-signerd: write to subp: :inception 20091013142701
> 
> Oct 13 10:32:01 pcie ods-signerd: write to subp: :refresh 20091017143201
> 
> Oct 13 10:32:01 pcie ods-signerd: write to subp: :refresh_denial
> 20091024143201
> 
> Oct 13 10:32:01 pcie ods-signerd: use signature key:
> 7ae2b8750e5160637670c6c7482a88e7
> 
> Oct 13 10:32:01 pcie ods-signerd: write to subp: :add_ksk
> 7ae2b8750e5160637670c6c7482a88e7 7 257
> 
> Oct 13 10:32:01 pcie ods-signerd: use signature key:
> 3bf3aec7c548f229dd156a4d472e14d7
> 
> Oct 13 10:32:01 pcie ods-signerd: write to subp: :add_zsk
> 3bf3aec7c548f229dd156a4d472e14d7 7 256
> 
> *Oct 13 10:32:01 pcie ods-signerd: signer stderr: Warning: unable to
> open /usr/local/var/opendnssec/tmp/test-zone.nl.signed: No such file or
> directory, performing full zone sign *
> 
> *Oct 13 10:32:01 pcie ods-signerd: signer stderr: signer: number of
> signatures created: 0 (within a second) *
> 
> Oct 13 10:32:01 pcie ods-signerd: No new signatures, keeping zone
> 
> Oct 13 10:32:01 pcie ods-signerd: worker 3 acquiring lock
> 
> Oct 13 10:32:01 pcie ods-signerd: worker 3 acquired lock
> 
> Oct 13 10:32:01 pcie ods-signerd: no task for worker 3, sleep for
> 7199.96837401
> 
> Oct 13 10:32:01 pcie ods-signerd: worker 3 released lock by going to
> wait (for ttime)
> 
> Oct 13 10:33:30 pcie ods-signerd: Connection closed by peer
> 
>  
> 
> The signed zone file is Not created in  the signed folder.
> 
>  
> 
> Do you have any suggestions of how I can resolve this issue? I checked
> file permissions and that was not the issue.
> 
>  
> 
> Is there a way to increase logging verbosity to get more information
> about what is happening?
> 
>  
> 
> As always, thanks for your help and support!
> 
>  
> 
> Paul
> 
> ------------------------------------------------------------------------
> 
> *From:* Sitowitz, Paul
> *Sent:* Tuesday, October 13, 2009 11:53 AM
> *To:* 'opendnssec-user at lists.opendnssec.org'
> *Subject:* Build problem with Beta 2 version of OpenDNSSEC
> 
>  
> 
> Hello,
> 
>  
> 
> I just downloaded both the opendnssec-1.0.0b2.tar.gz
> <http://www.opendnssec.org/files/source/opendnssec-1.0.0b2.tar.gz> and
> opendnssec-1.0.0b2.tar.gz
> <http://www.opendnssec.org/files/source/opendnssec-1.0.0b2.tar.gz>
> distributions to build and install on a RHEL5.3 system. While the first
> Beta version built and installed with no problems, I encountered the
> following issue while trying to build the second Beta version:
> 
>  
> 
> Making all in utils
> 
> make[2]: Entering directory
> `/usr/src/redhat/openDNSSEC/new-oct-12-2009/opendnssec-1.0.0b2/enforcer/utils'
> 
> /bin/sh ../libtool --tag=CC   --mode=link gcc -std=c99 -g -O2 -pedantic
> -Wall -Wextra   -o ods-ksmutil ksmutil.o ../ksm/libksm.a -lxml2 -lz -lm
> -L/usr/local/lib -lsqlite3 -L../../libhsm/src/.libs -lhsm 
> -L/usr/local/lib -lnsl  -lcrypto -lldns 
> 
> libtool: link: gcc -std=c99 -g -O2 -pedantic -Wall -Wextra -o
> ods-ksmutil ksmutil.o  ../ksm/libksm.a -L/usr/local/lib
> /usr/local/lib/libsqlite3.so -lpthread
> -L/usr/src/redhat/openDNSSEC/new-oct-12-2009/opendnssec-1.0.0b2/libhsm/src/.libs
> /usr/local/lib/libhsm.so -lxml2 -lz -lm -ldl /usr/local/lib/libldns.so
> -lnsl -lcrypto -Wl,-rpath -Wl,/usr/local/lib -Wl,-rpath -Wl,/usr/local/lib
> 
> ksmutil.o: In function `cmd_genkeys':
> 
> /usr/src/redhat/openDNSSEC/new-oct-12-2009/opendnssec-1.0.0b2/enforcer/utils/ksmutil.c:5810:
> undefined reference to `hsm_supported_algorithm'
> 
> /usr/src/redhat/openDNSSEC/new-oct-12-2009/opendnssec-1.0.0b2/enforcer/utils/ksmutil.c:5885:
> undefined reference to `hsm_supported_algorithm'
> 
> ksmutil.o: In function `cmd_import':
> 
> /usr/src/redhat/openDNSSEC/new-oct-12-2009/opendnssec-1.0.0b2/enforcer/utils/ksmutil.c:2981:
> undefined reference to `hsm_supported_algorithm'
> 
> collect2: ld returned 1 exit status
> 
> make[2]: *** [ods-ksmutil] Error 1
> 
> make[2]: Leaving directory
> `/usr/src/redhat/openDNSSEC/new-oct-12-2009/opendnssec-1.0.0b2/enforcer/utils'
> 
> make[1]: *** [all-recursive] Error 1
> 
> make[1]: Leaving directory
> `/usr/src/redhat/openDNSSEC/new-oct-12-2009/opendnssec-1.0.0b2/enforcer'
> 
> make: *** [all-recursive] Error 1
> 
>  
> 
> Do you have any suggestions on how to fix this build issue?
> 
>  
> 
> Thanks,
> 
>  
> 
> Paul
> 
>  
> 
> *
> ------------------------------------------------------------------------
> *
> 
> *P a u l   S i t o w i t z*
> 
> *Naming Engineering*
> 
>  
> 
> *** ***
> 
> 21345 Ridgetop Circle
> 
> Dulles, VA 20166-6503 
> 
>  
> 
> psitowitz at verisign.com <BLOCKED::mailto:psitowitz at verisign.com> 
> 
> 	
> 
> (email)
> 
> 703-948-3298        
> 
> 	
> 
> (office)
> 
> 703-626-3593          
> 
> 	
> 
> (mobile)
> 
>  
> 
> /This message is intended for the use of the individual or entity to
> which it is addressed, and may contain information that is privileged,
> Confidential and exempt from disclosure under applicable law. Any
> unauthorized use, distribution//,/ /or disclosure is strictly
> prohibited. If you have received this message in error, please notify
> sender immediately and destroy/delete the original transmission/
> 
> ------------------------------------------------------------------------
> 
>  
> 
>  
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBAgAGBQJK1W2qAAoJEA8yVCPsQCW5FIUIAI8HmA0EaJGIKzqzvDOlua4p
LuRh5afaL8iXLj5sOL378Bm101WtcrZqQnEKBiWSLGhSrUyuhXZ7T8/kRhTtf2G3
ZA4qHQOo0PAwNJIv/dIdkBp8suxLD2USfgVCupRZUzQan1w043wPSebN3zG/42EI
venF6e7odhu9KTIPJ96rZLAdMqImpvZnTGZlr5HZEdbZqzqR81Oth25P+H7jSo3t
hdF+4xYD0Mt7/olFa6gxjH9+lxRsNQrDY0vW7MNM65tS4YQPzunc3xOfdSOhIUq4
c3Z4a+xtlqYjMo8L6WgB+AZDtSrxkEiWTO9iqpti1kIYIwd0p8Jq9B22PICh0T8=
=vXSL
-----END PGP SIGNATURE-----



More information about the Opendnssec-user mailing list