[Opendnssec-user] RE: Build problem with Beta 2 version of OpenDNSSEC

Dave Knight dave at knig.ht
Fri Oct 23 15:08:39 UTC 2009


I thought that signing wasn't happening immediately because I didn't
immediately see something in var/opendnssec/signed. It turns out that
this was because I had the auditor enabled and there was something it
didn't like; disabling it made my problem go away and zones are signed
pretty much instantaneously as desired.

dave

On 2009-10-22, at 1:43 PM, Matthijs Mekking wrote:

> flush should work, it only does not produce an output file if all
> signatures are fresh. Could you see in the logs why "it didn't seem
> to work"?
>
> Best regards,
>
> Matthijs
>
> Dave Knight wrote:
>> Hi all,
>>
>> I've been playing with this just now, resetting to a clean state and
>> then trying to find the right sequence to get a zone signed, this is
>> where I got to:
>>
>> = Get the clean state
>>
>> # /home/ods/bin/ods-control stop
>> # $EDITOR /home/ods/etc/opendnssec/zonelist.xml
>> # rm /home/ods/var/opendnssec/signconf/*
>> # for key in `/home/ods/bin/ods-hsmutil list | grep ^default | awk '{print $2}'`; do /home/ods/bin/ods-hsmutil remove $key; done
>>
>> = Initialize
>>
>> # /home/ods/bin/ods-ksmutil setup
>> # /home/ods/bin/ods-ksmutil zone add --zone example.com
>> # /home/ods/bin/ods-ksmutil update
>> # /home/ods/bin/ods-control start
>>
>> # /home/ods/bin/ods-control signer
>>
>> cmd> zones
>> name: example.com
>> last config file read: None
>>
>> cmd> update
>> Zone list updated: 0 removed, 0 added, 0 updated
>> Configurations updated: 0 config errors: 1
>>
>> cmd> stop
>> Sent stop command to engine
>>
>> # /home/ods/bin/ods-control start
>>
>> # /home/ods/bin/ods-control signer
>>
>> cmd> zones
>> name: example.com
>> last config file read: 2009-10-22 11:25:43.113447
>>
>> cmd> queue
>> It is now: 2009-10-22 11:26:31
>> I have 1 tasks scheduled
>> At 2009-10-22 13:25:43 I will sign zone  example.com
>>
>>
>> I would love to know if there is a better way to get this done and I
>> would like to know how to make signing happen immediately, i.e. without
>> the two hour delay imposed here; running 'flush' doesn't seem to do
>> what it suggests that it might to help with this.
>>
>> Am running trunk/2105
>>
>>
>> dave
>>
>> On 2009-10-22, at 10:54 AM, Sitowitz, Paul wrote:
>>
>>> Hi Jakob,
>>>
>>> I must have had something wrong with my environment as I had
>>> re-started ods-enforcerd several times and the signer config files
>>> were not automatically generated. Before I first started seeing
>>> issues, while I was previously using one of the alpha versions of
>>> OpenDNSSEC, the signer config files were correctly generated
>>> automatically for me.
>>>
>>> Thanks,
>>>
>>> Paul
>>>
>>> -----Original Message-----
>>> From: Jakob Schlyter [mailto:jakob at kirei.se]
>>> Sent: Thursday, October 22, 2009 10:31 AM
>>> To: Sitowitz, Paul
>>> Cc: opendnssec-user at lists.opendnssec.org
>>> Subject: Re: [Opendnssec-user] RE: Build problem with Beta 2 version of OpenDNSSEC
>>>
>>> On 22 Oct 2009, at 16.27, Sitowitz, Paul wrote:
>>>
>>>>    * Had to manually create the signer configuration files as the
>>>> software was giving errors that they did not exist (these were
>>>> previously generated automatically at the first time of signing):
>>>
>>> the signer configuration files are generated by ods-enforcerd when
>>> first run, could you recheck this phase?
>>>
>>>    jakob
>>>
>>> _______________________________________________
>>> Opendnssec-user mailing list
>>> Opendnssec-user at lists.opendnssec.org
>>> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user



