[Opendnssec-user] RE: Build problem with Beta 2 version of OpenDNSSEC

Dave Knight dave at knig.ht
Thu Oct 22 16:37:58 UTC 2009 

Hi all,

I've been playing with this just now, resetting to a clean state and  
then trying to find the right sequence to get a zone signed, this is  
where I got to:

= Get the clean state

# /home/ods/bin/ods-control stop
# $EDITOR /home/ods/etc/opendnssec/zonelist.xml
# rm /home/ods/var/opendnssec/signconf/*
# for key in `/home/ods/bin/ods-hsmutil list | grep ^default | awk  
'{print $2}'`; do /home/ods/bin/ods-hsmutil remove $key; done

= Initilize

# /home/ods/bin/ods-ksmutil setup
# /home/ods/bin/ods-ksmutil zone add --zone example.com
# /home/ods/bin/ods-ksmutil update
# /home/ods/bin/ods-control start

# /home/ods/bin/ods-control signer

cmd> zones
  name: example.com
last config file read: None

cmd> update
  Zone list updated: 0 removed, 0 added, 0 updated
Configurations updated: 0 config errors: 1

cmd> stop
  Sent stop command to engine

# /home/ods/bin/ods-control start

# /home/ods/bin/ods-control signer

cmd> zones
  name: example.com
last config file read: 2009-10-22 11:25:43.113447

cmd> queue
  It is now: 2009-10-22 11:26:31
I have 1 tasks scheduled
At 2009-10-22 13:25:43 I will sign zone  example.com


I would love to know if there is a better way to get this done and I  
would like to know how to make signing happen immediately, ie without  
the two hour delay imposed here, running 'flush' doesn't seem to do  
what it suggests that it might to help with this.

Am running trunk/2105


dave

On 2009-10-22, at 10:54 AM, Sitowitz, Paul wrote:

> Hi Jakob,
>
> I must have had something wrong with my environment as I had re- 
> started
> ods-enforderd several times and the signer config files were not
> automatically generated. Before I first started seeing issues while I
> was previously using one of the alpha versions of OpenDNSSEC, the  
> signer
> config files were correctly generated automatically for me.
>
> Thanks,
>
> Paul
>
> -----Original Message-----
> From: Jakob Schlyter [mailto:jakob at kirei.se]
> Sent: Thursday, October 22, 2009 10:31 AM
> To: Sitowitz, Paul
> Cc: opendnssec-user at lists.opendnssec.org
> Subject: Re: [Opendnssec-user] RE: Build problem with Beta 2 version  
> of
> OpenDNSSEC
>
> On 22 okt 2009, at 16.27, Sitowitz, Paul wrote:
>
>> 	* Had to manually create the signer configuration files as the
>> software was giving errors that they did not exist (these were
>> previously generated automatically at the first time of signing):
>
> the signer configuration files are generated by ods-enforcerd when
> first run, could you recheck this phase?
>
> 	jakob
>
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user

More information about the Opendnssec-user mailing list