[Opendnssec-user] Cannot sign .FR, stops at fr.in.sorted

Stephane Bortzmeyer bortzmeyer at nic.fr
Wed Oct 28 13:52:05 UTC 2009


Trying to sign a copy of ".FR" (1.5 Mdomains, NSEC3, opt-out, two DS
added), the auditor runs for a long time (see my other messages) then
stops and I find no /var/opendnssec/signed/fr (I can sign smaller
zones fine). In /var/opendnssec/tmp, I find only:

-rw-r--r-- 1 root root 307600425 Oct 28 09:10 fr.in.sorted.11966
-rw-r--r-- 1 root root 307600425 Oct 28 09:09 fr.in.parsed.11966
-rw-r--r-- 1 root root 304342570 Oct 28 09:09 fr.finalized.out.sorted.11966
-rw-r--r-- 1 root root 304342570 Oct 28 09:09 fr.finalized.out.parsed.11966
-rw-r--r-- 1 root root 157372937 Oct 28 08:59 fr.finalized
-rw-r--r-- 1 root root 157426457 Oct 28 08:59 fr.signed
-rw-r--r-- 1 root root 159097938 Oct 28 08:58 fr.nsecced
-rw-r--r-- 1 root root 159067102 Oct 28 08:58 fr.processed
-rw-r--r-- 1 root root 159008239 Oct 28 08:55 fr.sorted

In the log of the signer, I just find (just ignore the other zone
bortzmeyer.fr):

Oct 28 08:53:40 jezabel ods-signerd: Received command: 'sign fr'
Oct 28 08:53:40 jezabel ods-signerd: Scheduling task to sign zone fr at 1256645589.31 with resign time 7200
Oct 28 08:53:40 jezabel ods-signerd: acquire cond
Oct 28 08:53:40 jezabel ods-signerd: notify
Oct 28 08:53:40 jezabel ods-signerd: release cond
Oct 28 08:53:40 jezabel ods-signerd: Releasing lock on engine
Oct 28 08:53:40 jezabel ods-signerd: Sending response: Zone scheduled for immediate resign  
Oct 28 08:53:40 jezabel ods-signerd: Done handling command
Oct 28 08:53:40 jezabel ods-signerd: worker 3 acquiring lock
Oct 28 08:53:40 jezabel ods-signerd: worker 3 acquired lock
Oct 28 08:53:40 jezabel ods-signerd: worker 3 released lock
Oct 28 08:53:40 jezabel ods-signerd: Got task for worker 3
Oct 28 08:53:40 jezabel ods-signerd: Worker 3 run task
Oct 28 08:53:40 jezabel ods-signerd: Zone action to perform: 4
Oct 28 08:53:40 jezabel ods-signerd: Connection closed by peer
Oct 28 08:53:40 jezabel ods-signerd: Run command: '/usr/local/libexec/opendnssec/get_serial -f /var/opendnssec/unsigned/fr'
Oct 28 08:53:40 jezabel ods-signerd: Sorting zone: fr
Oct 28 08:53:40 jezabel ods-signerd: Run command: '/usr/local/libexec/opendnssec/sorter -o fr -f /var/opendnssec/unsigned/fr -w /var/opendnssec/tmp/fr.sorted -m 3600'
Oct 28 08:55:15 jezabel ods-signerd: Done sorting
Oct 28 08:55:15 jezabel ods-signerd: Preprocessing zone: fr
Oct 28 08:55:15 jezabel ods-signerd: Run command: '/usr/local/libexec/opendnssec/zone_reader -o fr -w /var/opendnssec/tmp/fr.processed -n -t 5 -a 1 -s 28652f9464a79857'
Oct 28 08:55:15 jezabel ods-signerd: Writing file to zone_reader: /var/opendnssec/tmp/fr.sorted
Oct 28 08:56:28 jezabel ods-signerd: worker 6 acquiring lock
Oct 28 08:56:28 jezabel ods-signerd: worker 6 acquired lock
Oct 28 08:56:28 jezabel ods-signerd: worker 6 released lock
Oct 28 08:56:28 jezabel ods-signerd: Got task for worker 6
Oct 28 08:56:28 jezabel ods-signerd: Worker 6 run task
Oct 28 08:56:28 jezabel ods-signerd: Zone action to perform: 6
Oct 28 08:56:28 jezabel ods-signerd: Run command: '/usr/local/libexec/opendnssec/signer -c /etc/opendnssec/conf.xml -p /var/opendnssec/tmp/bortzmeyer.fr.signed -w /var/opendnssec/tmp/bortzmeyer.fr.signed2 -r'
Oct 28 08:56:28 jezabel ods-signerd: write to subp:  
Oct 28 08:56:28 jezabel ods-signerd: write to subp: :origin bortzmeyer.fr
Oct 28 08:56:28 jezabel ods-signerd: write to subp: :soa_ttl 3600
Oct 28 08:56:28 jezabel ods-signerd: write to subp: :soa_minimum 3600
Oct 28 08:56:28 jezabel ods-signerd: Run command: '/usr/local/libexec/opendnssec/get_serial -f /var/opendnssec/signed/bortzmeyer.fr'
Oct 28 08:56:28 jezabel ods-signerd: set serial to 1256716588
Oct 28 08:56:28 jezabel ods-signerd: write to subp: :expiration 20091104075628
Oct 28 08:56:28 jezabel ods-signerd: write to subp: :expiration_denial 20091104075628
Oct 28 08:56:28 jezabel ods-signerd: write to subp: :jitter 43200
Oct 28 08:56:28 jezabel ods-signerd: write to subp: :inception 20091028075128
Oct 28 08:56:28 jezabel ods-signerd: write to subp: :refresh 20091101075628
Oct 28 08:56:28 jezabel ods-signerd: write to subp: :refresh_denial 20091101075628
Oct 28 08:56:28 jezabel ods-signerd: use signature key: 60b57dff6604cc35ec6fdd8aef7710a2
Oct 28 08:56:28 jezabel ods-signerd: write to subp: :add_ksk 60b57dff6604cc35ec6fdd8aef7710a2 7 257
Oct 28 08:56:28 jezabel ods-signerd: use signature key: e17b1d0465e6976536119c872a353911
Oct 28 08:56:28 jezabel ods-signerd: write to subp: :add_zsk e17b1d0465e6976536119c872a353911 7 256
Oct 28 08:56:28 jezabel ods-signerd: signer stderr: signer: number of signatures created: 0 (within a second) 
Oct 28 08:56:28 jezabel ods-signerd: No new signatures, keeping zone
Oct 28 08:56:28 jezabel ods-signerd: worker 6 acquiring lock
Oct 28 08:56:28 jezabel ods-signerd: worker 6 acquired lock
Oct 28 08:56:28 jezabel ods-signerd: no task for worker 6, sleep for 7199.6982429
Oct 28 08:56:28 jezabel ods-signerd: worker 6 released lock by going to wait (for ttime)
Oct 28 08:58:05 jezabel ods-signerd: Done preprocessing
Oct 28 08:58:05 jezabel ods-signerd: NSEC(3)ing zone: fr
Oct 28 08:58:05 jezabel ods-signerd: Run command: '/usr/local/libexec/opendnssec/nsec3er -o fr -t 5 -a 1 -i /var/opendnssec/tmp/fr.processed -w /var/opendnssec/tmp/fr.nsecced -m 3600 -s 28652f9464a79857 -p'
Oct 28 08:58:35 jezabel ods-signerd: stderr from nseccer: nsec3er: 236 NSEC3 records generated (7 rr/sec) 
Oct 28 08:58:35 jezabel ods-signerd: Run command: '/usr/local/libexec/opendnssec/signer -c /etc/opendnssec/conf.xml -p /var/opendnssec/tmp/fr.signed -w /var/opendnssec/tmp/fr.signed2 -r'
Oct 28 08:58:35 jezabel ods-signerd: write to subp:  
Oct 28 08:58:35 jezabel ods-signerd: write to subp: :origin fr
Oct 28 08:58:35 jezabel ods-signerd: write to subp: :soa_ttl 3600
Oct 28 08:58:35 jezabel ods-signerd: write to subp: :soa_minimum 3600
Oct 28 08:58:35 jezabel ods-signerd: set serial to 1256716715
Oct 28 08:58:35 jezabel ods-signerd: write to subp: :expiration 20091104075835
Oct 28 08:58:35 jezabel ods-signerd: write to subp: :expiration_denial 20091104075835
Oct 28 08:58:35 jezabel ods-signerd: write to subp: :jitter 43200
Oct 28 08:58:35 jezabel ods-signerd: write to subp: :inception 20091028075335
Oct 28 08:58:35 jezabel ods-signerd: write to subp: :refresh 20091101075835
Oct 28 08:58:35 jezabel ods-signerd: write to subp: :refresh_denial 20091101075835
Oct 28 08:58:35 jezabel ods-signerd: use signature key: 9a751331baf10005a7de8a2a776f6884
Oct 28 08:58:35 jezabel ods-signerd: write to subp: :add_ksk 9a751331baf10005a7de8a2a776f6884 7 257
Oct 28 08:58:35 jezabel ods-signerd: use signature key: f87fd06a95e8cd187c6d826a5905eaae
Oct 28 08:58:35 jezabel ods-signerd: write to subp: :add_zsk f87fd06a95e8cd187c6d826a5905eaae 7 256
Oct 28 08:59:20 jezabel ods-signerd: signer stderr: signer: number of signatures created: 322 (7 rr/sec) 
Oct 28 08:59:20 jezabel ods-signerd: Created 322 new signatures
Oct 28 08:59:20 jezabel ods-signerd: Run command: '/usr/local/libexec/opendnssec/finalizer -f /var/opendnssec/tmp/fr.signed'
Oct 28 08:59:29 jezabel ods-signerd: Running auditor on zone
Oct 28 08:59:29 jezabel ods-signerd: Run command: '/usr/local/bin/ods-auditor -c /etc/opendnssec/conf.xml -s /var/opendnssec/tmp/fr.finalized -z fr'

then nothing.



More information about the Opendnssec-user mailing list