[Opendnssec-user] Problem trying to run Signer Engine
Sitowitz, Paul
PSitowitz at verisign.com
Wed Sep 16 20:17:06 UTC 2009
Hello,
I am an engineer at VeriSign and I am currently evaluating OpenDNSSEC. I
seem to be running into an issue when I try to start the signer_engine.
My notes can be found below:
1. Start the signer_engine
* /usr/local/sbin/signer_engine
Python engine proof of concept, v 0.0002 alpha
Zone list updated: 0 removed, 1 added, 0 updated
running as pid 6145
Unable to continue, stopping:
* Needed to update Python code for signer_engine to log the
actual error which caused the above to fail
* vi /usr/local/lib/opendnssec/signer/Engine.py +703 (inserted
code below)
syslog.syslog(syslog.LOG_ERR, "Error: " + str(e))
raise e
* /usr/local/sbin/signer_engine
Python engine proof of concept, v 0.0002 alpha
Zone list updated: 0 removed, 1 added, 0 updated
running as pid 6145
Unable to continue, stopping:
* cat /var/log/messages
Sep 16 14:47:04 dev-ng-core3 OpenDNSSEC signer engine: Zone
example-zone.com locked
Sep 16 14:47:04 dev-ng-core3 OpenDNSSEC signer engine: Scheduling task
to sign zone example-zone.com at 1253126824.65 with resign time 7200
Sep 16 14:47:04 dev-ng-core3 OpenDNSSEC signer engine: acquire cond
Sep 16 14:47:04 dev-ng-core3 OpenDNSSEC signer engine: notify
Sep 16 14:47:04 dev-ng-core3 OpenDNSSEC signer engine: release cond
Sep 16 14:47:04 dev-ng-core3 OpenDNSSEC signer engine: Releasing lock on
zone example-zone.com
Sep 16 14:47:04 dev-ng-core3 OpenDNSSEC signer engine: No output file
found, seconds to resign: 0
Sep 16 14:47:04 dev-ng-core3 OpenDNSSEC signer engine: Scheduling task
to sign zone example-zone.com at 1253126824.65 with resign time 7200
Sep 16 14:47:04 dev-ng-core3 OpenDNSSEC signer engine: acquire cond
Sep 16 14:47:04 dev-ng-core3 OpenDNSSEC signer engine: notify
Sep 16 14:47:04 dev-ng-core3 OpenDNSSEC signer engine: release cond
Sep 16 14:47:04 dev-ng-core3 OpenDNSSEC signer engine: Zone
example-zone.com added
Sep 16 14:47:04 dev-ng-core3 OpenDNSSEC signer engine: opening socket:
/usr/local/var/run/opendnssec/engine.sock
Sep 16 14:47:04 dev-ng-core3 OpenDNSSEC signer engine: Engine running
Sep 16 14:47:04 dev-ng-core3 OpenDNSSEC signer engine: Error:
Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: worker 1
acquiring lock
Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: worker 1 acquired
lock
Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: worker 1 released
lock
Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: Got task for
worker 1
Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: Worker 1 run task
Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: Zone action to
perform: 3
Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: Resorting signed
zone: example-zone.com
Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: No signed zone
yet
Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: Sorting zone:
example-zone.com
Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: No information
yet for key DFE7265B783F418685380AA784C2F31D
Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: Generating DNSKEY
RR for DFE7265B783F418685380AA784C2F31D
Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: worker 2
acquiring lock
Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: worker 2 acquired
lock
Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: no task for
worker 2, sleep for 0
Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: worker 2 released
lock by going to wait (indef)
Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: worker 7
acquiring lock
Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: worker 7 acquired
lock
Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: no task for
worker 7, sleep for 0
Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: worker 7 released
lock by going to wait (indef)
Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: worker 3
acquiring lock
Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: worker 3 acquired
lock
Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: no task for
worker 3, sleep for 0
Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: worker 3 released
lock by going to wait (indef)
Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: worker 8
acquiring lock
Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: worker 8 acquired
lock
Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: no task for
worker 8, sleep for 0
Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: worker 8 released
lock by going to wait (indef)
Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: worker 5
acquiring lock
Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: worker 5 acquired
lock
Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: no task for
worker 5, sleep for 0
Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: worker 5 released
lock by going to wait (indef)
Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: worker 6
acquiring lock
Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: worker 6 acquired
lock
Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: no task for
worker 6, sleep for 0
Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: worker 6 released
lock by going to wait (indef)
Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: worker 4
acquiring lock
Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: worker 4 acquired
lock
Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: no task for
worker 4, sleep for 0
Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: worker 4 released
lock by going to wait (indef)
Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: create_dnskey
stderr: Unable to find key with id DFE7265B783F418685380AA784C2F31D
Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: create_dnskey
status: 11
Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: equality: False
Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: Error: could not
find key DFE7265B783F418685380AA784C2F31D
Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: No information
yet for key 8D76C0C49FEB4A97B8E920C7552401CE
Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: Generating DNSKEY
RR for 8D76C0C49FEB4A97B8E920C7552401CE
Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: create_dnskey
stderr: Unable to find key with id 8D76C0C49FEB4A97B8E920C7552401CE
Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: create_dnskey
status: 11
Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: equality: False
Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: Error: could not
find key 8D76C0C49FEB4A97B8E920C7552401CE
Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: Run command:
'/usr/local/libexec/opendnssec/zone_reader -o example-zone.com -w
/usr/local/var/opendnssec/tmp/example-zone.com.sorted -n -s
656d6d6b7469736169646f677461 -t 10 -a 1'
Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: Writing file to
zone_reader: /usr/local/var/opendnssec/unsigned/example-zone.com
Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: stderr from
sorter: Warning: Syntax error, could not parse the RR's TTL:
Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: stderr from
sorter:
Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: Sorting failed
Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: worker 1
acquiring lock
Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: worker 1 acquired
lock
Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: no task for
worker 1, sleep for 7199.94631004
Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: worker 1 released
lock by going to wait (for ttime)
* I used the default key values in the Zone Signer Configuration
to for the ZSK and KSK keys
* vi /usr/local/var/opendnssec/signconf/example-zone.com.xml
<Keys>
<TTL>PT3600S</TTL>
<Key>
<Flags>257</Flags>
<Algorithm>5</Algorithm>
<Locator>DFE7265B783F418685380AA784C2F31D</Locator>
<KSK/>
<Publish/>
</Key>
<Key>
<Flags>256</Flags>
<Algorithm>5</Algorithm>
<Locator>8D76C0C49FEB4A97B8E920C7552401CE</Locator>
<ZSK/>
<Publish/>
</Key>
</Keys>
Question: Where should I obtain the correct values for the <Locator>
tags above for BOTH the KSK and ZSK?
I have attached a Microsoft word document with all of my
installation/configuration notes. Please let me know if something looks
blatantly wrong?
Thank you in advance for your help,
Sincerely,
Paul Sitowitz
________________________________
P a u l S i t o w i t z
Naming Engineering
21345 Ridgetop Circle
Dulles, VA 20166-6503
psitowitz at verisign.com <BLOCKED::mailto:psitowitz at verisign.com>
(email)
703-948-3298
(office)
703-626-3593
(mobile)
This message is intended for the use of the individual or entity to
which it is addressed, and may contain information that is privileged,
Confidential and exempt from disclosure under applicable law. Any
unauthorized use, distribution, or disclosure is strictly prohibited. If
you have received this message in error, please notify sender
immediately and destroy/delete the original transmission
________________________________
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20090916/9630fa1d/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 894 bytes
Desc: image001.jpg
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20090916/9630fa1d/attachment.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenDNSSEC-install-notes.doc
Type: application/msword
Size: 165376 bytes
Desc: OpenDNSSEC-install-notes.doc
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20090916/9630fa1d/attachment.doc>
More information about the Opendnssec-user
mailing list