[Opendnssec-user] Problem trying to run Signer Engine

Sitowitz, Paul PSitowitz at verisign.com
Wed Sep 16 20:17:06 UTC 2009


Hello,

 

I am an engineer at VeriSign and I am currently evaluating OpenDNSSEC. I
seem to be running into an issue when I try to start the signer_engine.
My notes can be found below:

 

1.      Start the signer_engine

*          /usr/local/sbin/signer_engine

Python engine proof of concept, v 0.0002 alpha

Zone list updated: 0 removed, 1 added, 0 updated

running as pid 6145

Unable to continue, stopping:

*          Needed to update Python code for signer_engine to log the
actual error which caused the above to fail

*          vi /usr/local/lib/opendnssec/signer/Engine.py +703  (inserted
code below)

syslog.syslog(syslog.LOG_ERR, "Error: " +  str(e))

        raise e

*          /usr/local/sbin/signer_engine

Python engine proof of concept, v 0.0002 alpha

Zone list updated: 0 removed, 1 added, 0 updated

running as pid 6145

Unable to continue, stopping:

*          cat /var/log/messages

Sep 16 14:47:04 dev-ng-core3 OpenDNSSEC signer engine: Zone
example-zone.com locked

Sep 16 14:47:04 dev-ng-core3 OpenDNSSEC signer engine: Scheduling task
to sign zone example-zone.com at 1253126824.65 with resign time 7200

Sep 16 14:47:04 dev-ng-core3 OpenDNSSEC signer engine: acquire cond

Sep 16 14:47:04 dev-ng-core3 OpenDNSSEC signer engine: notify

Sep 16 14:47:04 dev-ng-core3 OpenDNSSEC signer engine: release cond

Sep 16 14:47:04 dev-ng-core3 OpenDNSSEC signer engine: Releasing lock on
zone example-zone.com

Sep 16 14:47:04 dev-ng-core3 OpenDNSSEC signer engine: No output file
found, seconds to resign: 0

Sep 16 14:47:04 dev-ng-core3 OpenDNSSEC signer engine: Scheduling task
to sign zone example-zone.com at 1253126824.65 with resign time 7200

Sep 16 14:47:04 dev-ng-core3 OpenDNSSEC signer engine: acquire cond

Sep 16 14:47:04 dev-ng-core3 OpenDNSSEC signer engine: notify

Sep 16 14:47:04 dev-ng-core3 OpenDNSSEC signer engine: release cond

Sep 16 14:47:04 dev-ng-core3 OpenDNSSEC signer engine: Zone
example-zone.com added

Sep 16 14:47:04 dev-ng-core3 OpenDNSSEC signer engine: opening socket:
/usr/local/var/run/opendnssec/engine.sock

Sep 16 14:47:04 dev-ng-core3 OpenDNSSEC signer engine: Engine running

Sep 16 14:47:04 dev-ng-core3 OpenDNSSEC signer engine: Error: 

Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: worker 1
acquiring lock

Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: worker 1 acquired
lock

Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: worker 1 released
lock

Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: Got task for
worker 1

Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: Worker 1 run task

Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: Zone action to
perform: 3

Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: Resorting signed
zone: example-zone.com

Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: No signed zone
yet

Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: Sorting zone:
example-zone.com

Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: No information
yet for key DFE7265B783F418685380AA784C2F31D

Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: Generating DNSKEY
RR for DFE7265B783F418685380AA784C2F31D

Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: worker 2
acquiring lock

Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: worker 2 acquired
lock

Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: no task for
worker 2, sleep for 0

Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: worker 2 released
lock by going to wait (indef)

Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: worker 7
acquiring lock

Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: worker 7 acquired
lock

Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: no task for
worker 7, sleep for 0

Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: worker 7 released
lock by going to wait (indef)

Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: worker 3
acquiring lock

Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: worker 3 acquired
lock

Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: no task for
worker 3, sleep for 0

Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: worker 3 released
lock by going to wait (indef)

Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: worker 8
acquiring lock

Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: worker 8 acquired
lock

Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: no task for
worker 8, sleep for 0

Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: worker 8 released
lock by going to wait (indef)

Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: worker 5
acquiring lock

Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: worker 5 acquired
lock

Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: no task for
worker 5, sleep for 0

Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: worker 5 released
lock by going to wait (indef)

Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: worker 6
acquiring lock

Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: worker 6 acquired
lock

Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: no task for
worker 6, sleep for 0

Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: worker 6 released
lock by going to wait (indef)

Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: worker 4
acquiring lock

Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: worker 4 acquired
lock

Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: no task for
worker 4, sleep for 0

Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: worker 4 released
lock by going to wait (indef)

Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: create_dnskey
stderr: Unable to find key with id DFE7265B783F418685380AA784C2F31D 

Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: create_dnskey
status: 11

Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: equality: False

Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: Error: could not
find key DFE7265B783F418685380AA784C2F31D

Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: No information
yet for key 8D76C0C49FEB4A97B8E920C7552401CE

Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: Generating DNSKEY
RR for 8D76C0C49FEB4A97B8E920C7552401CE

Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: create_dnskey
stderr: Unable to find key with id 8D76C0C49FEB4A97B8E920C7552401CE 

Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: create_dnskey
status: 11

Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: equality: False

Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: Error: could not
find key 8D76C0C49FEB4A97B8E920C7552401CE

Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: Run command:
'/usr/local/libexec/opendnssec/zone_reader -o example-zone.com -w
/usr/local/var/opendnssec/tmp/example-zone.com.sorted -n -s
656d6d6b7469736169646f677461 -t 10 -a 1'

Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: Writing file to
zone_reader: /usr/local/var/opendnssec/unsigned/example-zone.com

Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: stderr from
sorter: Warning: Syntax error, could not parse the RR's TTL: 

Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: stderr from
sorter:   

Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: Sorting failed

Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: worker 1
acquiring lock

Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: worker 1 acquired
lock

Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: no task for
worker 1, sleep for 7199.94631004

Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: worker 1 released
lock by going to wait (for ttime)

 

*        I used the default key values in the  Zone Signer Configuration
to for the ZSK and KSK keys

*        vi /usr/local/var/opendnssec/signconf/example-zone.com.xml

       

       <Keys>

            <TTL>PT3600S</TTL>

 

            <Key>

                <Flags>257</Flags>

                <Algorithm>5</Algorithm>

                <Locator>DFE7265B783F418685380AA784C2F31D</Locator>

                <KSK/>

                <Publish/>

            </Key>

 

            <Key>

                <Flags>256</Flags>

                <Algorithm>5</Algorithm>

                <Locator>8D76C0C49FEB4A97B8E920C7552401CE</Locator>

                <ZSK/>

                <Publish/>

            </Key>

        </Keys>

 

 

Question:  Where should I obtain the correct values for the <Locator>
tags above for BOTH the KSK and ZSK?

 

I have attached a Microsoft word document with all of my
installation/configuration notes. Please let me know if something looks
blatantly wrong?

 

Thank you in advance for your help,

 

Sincerely,

 

Paul Sitowitz

 

________________________________

P a u l   S i t o w i t z

Naming Engineering

  
  

21345 Ridgetop Circle

Dulles, VA 20166-6503 

 

psitowitz at verisign.com <BLOCKED::mailto:psitowitz at verisign.com>  

(email)

703-948-3298        

(office)

703-626-3593          

(mobile)

 

This message is intended for the use of the individual or entity to
which it is addressed, and may contain information that is privileged,
Confidential and exempt from disclosure under applicable law. Any
unauthorized use, distribution, or disclosure is strictly prohibited. If
you have received this message in error, please notify sender
immediately and destroy/delete the original transmission

________________________________

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20090916/9630fa1d/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 894 bytes
Desc: image001.jpg
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20090916/9630fa1d/attachment.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenDNSSEC-install-notes.doc
Type: application/msword
Size: 165376 bytes
Desc: OpenDNSSEC-install-notes.doc
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20090916/9630fa1d/attachment.doc>


More information about the Opendnssec-user mailing list