[Opendnssec-user] RE: Build problem withBeta 2 version of OpenDNSSEC

Sitowitz, Paul PSitowitz at verisign.com
Thu Oct 22 14:48:06 UTC 2009


ods-signer is a command-line utility which talks to the signer
sub-component of the ods-enforcerd daemon via a socket. As you
mentioned, ods-enforcerd has to be running for ods-signer to communicate
with it.

 

ods-control  is a command line utility wrapper for ods-signer,
ods-ksmutil, ods-hsmutil, and for starting/stopping the ods-enforcerd
and ods-signerd daemons.

 

Thanks,

 

Paul

 

________________________________

From: Rick Zijlker [mailto:rick.zijlker at sidn.nl] 
Sent: Thursday, October 22, 2009 10:41 AM
To: Alexd at nominet.org.uk; Sitowitz, Paul
Cc: opendnssec-user-bounces at lists.opendnssec.org; Rickard Bondesson;
opendnssec-user at lists.opendnssec.org
Subject: RE: [Opendnssec-user] RE: Build problem withBeta 2 version of
OpenDNSSEC

 

I've had the exact same problem an hour ago when trying to sign without
starting ods-enforcerd. I only started the ods-signer. So it looks like
running ods-enforcerd does the job. 

 

As I am reading this mailing I see "ods-control start" is starting both
of those, is that correct? Does that mean you won't need to run
"ods-signer start" after running "ods-control start" ?

 

Cheers,

Rick

 

From: opendnssec-user-bounces at lists.opendnssec.org
[mailto:opendnssec-user-bounces at lists.opendnssec.org] On Behalf Of
Alexd at nominet.org.uk
Sent: donderdag 22 oktober 2009 16:32
To: Sitowitz, Paul
Cc: opendnssec-user-bounces at lists.opendnssec.org; Rickard Bondesson;
opendnssec-user at lists.opendnssec.org
Subject: RE: [Opendnssec-user] RE: Build problem withBeta 2 version of
OpenDNSSEC

 

> 4. used ods-ksmutil to add both zones 
> 5. Had to manually create the signer configuration files as the 
> software was giving errors that they did not exist (these were 
> previously generated automatically at the first time of signing): 
> [root]/usr/local/var/opendnssec/signconf: ods-signer 
> connecting to /var/run/opendnssec/engine.sock 
> cmd> sign example.com 
>  "Error reading zone config for example.com: [Errno 2] No such file 
> or directory: u'/usr/local/var/opendnssec/signconf/example.com.xml'" 
>   

I found that killing the ods-enforcerd, running "ods-ksmutil update",
then restarting the ods-enforcerd and ods-signer, and running "update"
in the ods-signer, seems to load the added zone successfully. 

There's probably a better way. 


Alex.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20091022/fc7ac591/attachment.htm>


More information about the Opendnssec-user mailing list