[Opendnssec-user] Problem signed almost empty zone
Matthijs Mekking
matthijs at NLnetLabs.nl
Tue Oct 27 15:10:06 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Bjorn,
Though I did not have this issue with NSEC3, the same thing happened for
me with NSEC. The problem exists when there was only one NSEC RR needed.
I believe the trunk r2350 and up will solve your problem.
Best regards,
Matthijs
Bjorn Hansson wrote:
> Hi!
>
> I have a problem signing almost empty zones. I.e. the zone attached
> below, containing just a SOA and one NS record.
>
> ---
> $TTL 14400
> almostempty.se. IN SOA dns01.netera.se. hostmaster.netera.se. (
> 2009102702 ; Serial number
> 86400 ; Refresh 1 day
> 7200 ; Retry 2 hours
> 3600000 ; Expire 41.67 days
> 86400 ) ; Minimum TTL 2 days
>
> almostempty.se. IN NS dns01.netera.se.
> ---
>
> In the tmp-directory I have almostempty.se.sorted, which looks correct
> to me, and almostempty.se.processed, which also seem correct, and
> almostempty.se.nsecced, which is empty.
>
> The log read:
> ods-signerd: Received command: 'sign almostempty.se'
> ods-signerd: Scheduling task to sign zone almostempty.se at
> 1256649174.06 with resign time 7200
> ods-signerd: Connection closed by peer
> ods-signerd: Zone action to perform: 4
> ods-signerd: Sorting zone: almostempty.se
> ods-signerd: Preprocessing zone: almostempty.se
> ods-signerd: NSEC(3)ing zone: almostempty.se
> ods-signerd: signer stderr: Warning: unable to open
> /var/opendnssec/tmp/almostempty.se.signed: No such file or directory,
> performing full zone sign
> ods-signerd: signer stderr: signer: number of signatures created: 0
> (within a second)
> ods-signerd: No new signatures, keeping zone
>
> Is this a known issue, or can I provide more information for you to be
> able to investigate this further?
>
> Thanks for all your nice work so far!
>
>
>
> Best regards,
> Björn
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQEcBAEBAgAGBQJK5w1MAAoJEA8yVCPsQCW5HMMIAJ/MLYAm9OnGPGoBkEJInrZe
cGLZa6JZZMnkij1D3qdSzVDO4qhTKP+rdRrp10gOmUIXv5XTpjv3Uch0mI7r+gyR
4N6cXfZIZPuwZ9YVDLHPlFcsy36o2UPZt/zsP2EDnzHJBbV/u+GwHCfEkVyl6KQT
7hC5nkpTgrRU5PW2Gyo4dzmNzgrzhH2DWSuOHs5VdQvWJAXQU6R+1CU4cVI/xaqe
jI9FEUmu1c3Mesegm6QpLU6cbgR2yiAJpXhERsKYBXWM3xqYIxPVJw+/SAV+MWF4
ihgyyE1UhyphKII1Ywx0HquhjYpSVHFBK+EjryQRZbbnFs0xRcxV5K+hoTpqKnk=
=kGEm
-----END PGP SIGNATURE-----
More information about the Opendnssec-user
mailing list