[Opendnssec-user] Problem signed almost empty zone

[Matthijs Mekking]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Bjorn,

Though I did not have this issue with NSEC3, the same thing happened for
me with NSEC. The problem exists when there was only one NSEC RR needed.

I believe the trunk r2350 and up will solve your problem.

Best regards,

Matthijs

Bjorn Hansson wrote:
> Hi!
> 
> I have a problem signing almost empty zones. I.e. the zone attached
> below, containing just a SOA and one NS record.
> 
> ---
> $TTL 14400
> almostempty.se. IN SOA dns01.netera.se. hostmaster.netera.se. (
>                                 2009102702   ; Serial number
>                                      86400   ; Refresh     1 day
>                                       7200   ; Retry       2 hours
>                                    3600000   ; Expire      41.67 days
>                                      86400 ) ; Minimum TTL 2 days
> 
> almostempty.se.             IN NS dns01.netera.se.
> ---
> 
> In the tmp-directory I have almostempty.se.sorted, which looks correct
> to me, and almostempty.se.processed, which also seem correct, and
> almostempty.se.nsecced, which is empty.
> 
> The log read:
> ods-signerd: Received command: 'sign almostempty.se'
> ods-signerd: Scheduling task to sign zone almostempty.se at
> 1256649174.06 with resign time 7200
> ods-signerd: Connection closed by peer
> ods-signerd: Zone action to perform: 4
> ods-signerd: Sorting zone: almostempty.se
> ods-signerd: Preprocessing zone: almostempty.se
> ods-signerd: NSEC(3)ing zone: almostempty.se
> ods-signerd: signer stderr: Warning: unable to open
> /var/opendnssec/tmp/almostempty.se.signed: No such file or directory,
> performing full zone sign
> ods-signerd: signer stderr: signer: number of signatures created: 0
> (within a second)
> ods-signerd: No new signatures, keeping zone
> 
> Is this a known issue, or can I provide more information for you to be
> able to investigate this further?
> 
> Thanks for all your nice work so far!
> 
> 
> 
> Best regards,
> Björn
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBAgAGBQJK5w1MAAoJEA8yVCPsQCW5HMMIAJ/MLYAm9OnGPGoBkEJInrZe
cGLZa6JZZMnkij1D3qdSzVDO4qhTKP+rdRrp10gOmUIXv5XTpjv3Uch0mI7r+gyR
4N6cXfZIZPuwZ9YVDLHPlFcsy36o2UPZt/zsP2EDnzHJBbV/u+GwHCfEkVyl6KQT
7hC5nkpTgrRU5PW2Gyo4dzmNzgrzhH2DWSuOHs5VdQvWJAXQU6R+1CU4cVI/xaqe
jI9FEUmu1c3Mesegm6QpLU6cbgR2yiAJpXhERsKYBXWM3xqYIxPVJw+/SAV+MWF4
ihgyyE1UhyphKII1Ywx0HquhjYpSVHFBK+EjryQRZbbnFs0xRcxV5K+hoTpqKnk=
=kGEm
-----END PGP SIGNATURE-----