[Opendnssec-user] RE: Build problem with Beta 2 version of OpenDNSSEC

Matthijs Mekking matthijs at NLnetLabs.nl
Thu Oct 22 17:43:56 UTC 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

flush should work, it only does not an output file if all signatures are
fresh. Could you see in the logs why "it didn't seem to work"?

Best regards,

Matthijs

Dave Knight wrote:
> Hi all,
> 
> I've been playing with this just now, resetting to a clean state and
> then trying to find the right sequence to get a zone signed, this is
> where I got to:
> 
> = Get the clean state
> 
> # /home/ods/bin/ods-control stop
> # $EDITOR /home/ods/etc/opendnssec/zonelist.xml
> # rm /home/ods/var/opendnssec/signconf/*
> # for key in `/home/ods/bin/ods-hsmutil list | grep ^default | awk
> '{print $2}'`; do /home/ods/bin/ods-hsmutil remove $key; done
> 
> = Initilize
> 
> # /home/ods/bin/ods-ksmutil setup
> # /home/ods/bin/ods-ksmutil zone add --zone example.com
> # /home/ods/bin/ods-ksmutil update
> # /home/ods/bin/ods-control start
> 
> # /home/ods/bin/ods-control signer
> 
> cmd> zones
>  name: example.com
> last config file read: None
> 
> cmd> update
>  Zone list updated: 0 removed, 0 added, 0 updated
> Configurations updated: 0 config errors: 1
> 
> cmd> stop
>  Sent stop command to engine
> 
> # /home/ods/bin/ods-control start
> 
> # /home/ods/bin/ods-control signer
> 
> cmd> zones
>  name: example.com
> last config file read: 2009-10-22 11:25:43.113447
> 
> cmd> queue
>  It is now: 2009-10-22 11:26:31
> I have 1 tasks scheduled
> At 2009-10-22 13:25:43 I will sign zone  example.com
> 
> 
> I would love to know if there is a better way to get this done and I
> would like to know how to make signing happen immediately, ie without
> the two hour delay imposed here, running 'flush' doesn't seem to do what
> it suggests that it might to help with this.
> 
> Am running trunk/2105
> 
> 
> dave
> 
> On 2009-10-22, at 10:54 AM, Sitowitz, Paul wrote:
> 
>> Hi Jakob,
>>
>> I must have had something wrong with my environment as I had re-started
>> ods-enforderd several times and the signer config files were not
>> automatically generated. Before I first started seeing issues while I
>> was previously using one of the alpha versions of OpenDNSSEC, the signer
>> config files were correctly generated automatically for me.
>>
>> Thanks,
>>
>> Paul
>>
>> -----Original Message-----
>> From: Jakob Schlyter [mailto:jakob at kirei.se]
>> Sent: Thursday, October 22, 2009 10:31 AM
>> To: Sitowitz, Paul
>> Cc: opendnssec-user at lists.opendnssec.org
>> Subject: Re: [Opendnssec-user] RE: Build problem with Beta 2 version of
>> OpenDNSSEC
>>
>> On 22 okt 2009, at 16.27, Sitowitz, Paul wrote:
>>
>>>     * Had to manually create the signer configuration files as the
>>> software was giving errors that they did not exist (these were
>>> previously generated automatically at the first time of signing):
>>
>> the signer configuration files are generated by ods-enforcerd when
>> first run, could you recheck this phase?
>>
>>     jakob
>>
>> _______________________________________________
>> Opendnssec-user mailing list
>> Opendnssec-user at lists.opendnssec.org
>> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
> 
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBAgAGBQJK4JnWAAoJEA8yVCPsQCW5e6EIALcss6jd7g11NFLi9/oVkTAb
VAnQ9Yd+yuOxz9/I/DWgUen/yObwkj3qK5GoyGG4AoKMIyfWWJ4M0NRFehlrWBD6
cEVMwsfiYPrPd5J5vDklnHZc0ZA6wQX4bGL7fgptIZ7ZAkpW+E4eQszUMWsmUoU4
kpSRcXNmJsOwJluUl+v92MRRmvHZ6ZcvtN/RAIvSQjXHZjWY00wg84BMMJj/HQwB
ZompTdIuNX3rdIDk6i+o2XfE+RPfjT6ycT44yqWEq+hmsStPh/C2dQSLpagkIy0A
KAXHRqKJ6mEC1hUgO6ImCrn5TVW17T+nV5V9oo9sFvrsP5P3R1zsIQgB/qE8fSs=
=XrEI
-----END PGP SIGNATURE-----



More information about the Opendnssec-user mailing list