[Opendnssec-user] Glitches when running opendnssec for the first time

Sebastian Castro sebastian at nzrs.net.nz
Wed Sep 9 05:25:36 UTC 2009


Hi:

I've been testing OpenDNSSEC for a few weeks on an Ubuntu laptop and
decided to move it to a more stable box to test the whole process
continuously. While running on a laptop, sometimes it's turned off and all
signatures expire, making it impossible to check if the parameters
configured worked as expected.

Anyway, I started from scratch and found a few glitches on the new setup.

* Documentation suggests running signer_engine, then keygend and then
communicated (although this order is not mandatory). When you run for the
first time, signer_engine fails because the configuration files for the
zones (signconf/*.xml) are not present. Once communicated starts, it
notifies signer_engine that the conf files are updated and forces it to run.

* If the option RequireBackup is specified in the conf.xml for a
repository, then you need to run "ksmutil backup done repository_name"
before starting communicated; if not, it will fail with an "ERROR: Trying
to make non-backed up KSK active when RequireBackup flag is set" message.

* If the Module parameter of a Repository points to a file that doesn't
exist, keygend fails with a very cryptic message: "Load functions:
CKR_FUNCTION_FAILED"

I hope these help other testers.

Cheers
Sebastian Castro
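
An added example, not part of the original post and not OpenDNSSEC code: a preflight check for the RequireBackup and Module glitches described in the message above. It assumes conf.xml holds `Repository` elements with a `name` attribute and `Module` / `RequireBackup` children; the sample file and the function names are constructed for illustration.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample conf.xml; the element layout is an assumption.
SAMPLE_CONF = """<Configuration>
  <RepositoryList>
    <Repository name="softHSM">
      <Module>{good}</Module>
      <RequireBackup/>
    </Repository>
    <Repository name="missing">
      <Module>/nonexistent/libpkcs11.so</Module>
    </Repository>
  </RepositoryList>
</Configuration>"""


def preflight(conf_xml_text):
    """Return (repository, severity, message) findings for a conf.xml text."""
    findings = []
    root = ET.fromstring(conf_xml_text)
    for repo in root.iter("Repository"):
        name = repo.get("name", "<unnamed>")
        module = (repo.findtext("Module") or "").strip()
        if not module:
            findings.append((name, "error", "no Module path configured"))
        elif not os.path.isfile(module):
            # The post reports this case surfacing only as CKR_FUNCTION_FAILED.
            findings.append((name, "error", f"Module file not found: {module}"))
        if repo.find("RequireBackup") is not None:
            # The post reports communicated refusing to activate a KSK here.
            findings.append((name, "warn",
                             f'RequireBackup set: run "ksmutil backup done {name}" '
                             "before starting communicated"))
    return findings


def demo():
    """Run the check with a temporary file standing in for a PKCS#11 module."""
    with tempfile.NamedTemporaryFile(suffix=".so") as fake_module:
        return preflight(SAMPLE_CONF.format(good=fake_module.name))


if __name__ == "__main__":
    for repo, severity, message in demo():
        print(f"[{severity}] {repo}: {message}")
```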



