[Opendnssec-user] Opendnssec Documentation

Rickard Bondesson rickard.bondesson at iis.se
Sat Oct 24 10:40:38 UTC 2009

You also need to setup the database, before you use it for the first time.

ods-ksmutil setup

Sorry about the documentation. It will be fixed within two weeks.

24 okt 2009 kl. 12.34 skrev "B C" <brettlists at gmail.com<mailto:brettlists at gmail.com>>:

Thanks Jakob they are all good pointers. As my /etc/opendnssec and /var/opendnssec are quite old I have decided to start afresh from this release.

Consequently I am now having some issues getting things up and running.

I have installed and configured softhsm and added/initialised a slot for opendnssec to use.

However when i start the signing/enforcer daemons I am seeing an error:

Oct 24 11:28:10 dnssigner2 ods-enforcerd: SQLite database set to: /var/opendnssec/kasp.db
Oct 24 11:28:10 dnssigner2 ods-enforcerd: Log User set to: local0
Oct 24 11:28:10 dnssigner2 ods-enforcerd: Switched log facility to: local0
Oct 24 11:28:10 dnssigner2 ods-enforcerd: Connecting to Database...
Oct 24 11:28:10 dnssigner2 ods-enforcerd: ERROR: error executing SQL - no such table: dbadmin

I do have an /var/opendnssec/kasp.db but it is empty:

 ls -l /var/opendnssec
total 16
-rw-r--r-- 1 root root    0 Oct 24 11:28 kasp.db
-rw-r--r-- 1 root root    0 Oct 24 11:28 kasp.db.our_lock

Any ideas on where I am going wrong from anybody would be greatly appreciated.


On Fri, Oct 23, 2009 at 10:05 PM, Jakob Schlyter <<mailto:jakob at kirei.se>jakob at kirei.se<mailto:jakob at kirei.se>> wrote:
On 23 okt 2009, at 21.23, B C wrote:

Since the recent version(s) the user document at.


seems to be quite out of date.

please use the documentation available starting at <http://trac.opendnssec.org/wiki/Signer> http://trac.opendnssec.org/wiki/Signer for now.

I have no problem(s) with the compile/install but am looking for a document that tells me howto:

Add a new policy to a blank install.

edit kasp.xml and 'ods-ksmutil update' to import it into the enforcer.

Add a new zone to a blank install.

ods-ksmutil zone add ...

Start up the daemons (which ones in which order).

ods-control start

Make changes to policies.

edit kasp.xml and 'ods-ksmutil update' to update.

Emergency key rollover.

ods-ksmutil key rollover ...

Immediate resign.

ods-signer ...

Is there a new document in the works or at least a readme that covers the above points (and anything else I need ?

an update set of documentation is being work on, but I wouldn't hold my breath waiting for it just yet.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20091024/49c07499/attachment.htm>

More information about the Opendnssec-user mailing list