[Opendnssec-user] Problem trying to run Signer Engine

Sitowitz, Paul PSitowitz at verisign.com
Thu Sep 17 17:48:54 UTC 2009


Jakob, Matt,

Thanks for your quick responses. I was able to get past my issue but seem to have run into another. I have two zone files as follows:

cat /usr/local/var/opendnssec/unsigned/example-zone.com

@ IN SOA  dev-ng-core4 dnsuser ( 4 10800 3600 604800 86400 )
  IN NS   dev-ng-core4
 
localhost               A       127.0.0.1
ajax                    A       192.168.5.24
                        MX      10 ajax
odysseus                A       192.168.5.23
                        MX      10 odysseus
achilles                A       192.168.5.20
                        MX      10 achilles
diomedes                A       192.168.5.22
                        MX      10 diomedes
dev-ng-core4            A       192.168.5.1
                        MX      10 dev-ng-core4
menelaeus               A       192.168.5.28
                        MX      10 menelaeus
agamemnon               A       192.168.5.21
                        MX      10 agamemnon

AND

cat /usr/local/var/opendnssec/unsigned/test-zone.nl
$ORIGIN example.com.     ; designates the start of this zone file in the name space
$TTL 1h                  ; The default expiration time of a resource record without its own TTL value 
example.com.  IN  SOA  ns.example.com. username.example.com. ( 
              2007120710 ; serial number of this zone file
              1d         ; slave refresh (1 day)
              1d         ; slave retry time in case of a problem (1 day)
              4w         ; slave expiration time (4 weeks)
              1h         ; minimum caching time in case of failed lookups 
              )
example.com.  NS    ns                    
example.com.  NS    ns.somewhere.com.     
example.com.  MX    10 mail.example.com.  
@             MX    20 mail2.example.com. 
@             MX    50 mail3              
example.com.  A     10.0.0.1              
ns            A     10.0.0.2              
www           CNAME ns                    
wwwtest       CNAME www                   
mail          A     10.0.0.3              


When I try to sign these zones, I get similar warnings for both in /var/log/messages:

Found key f7fe51cdea5d1d507ba5f579d5769fc0
Sep 17 13:24:21 dev-ng-core3 OpenDNSSEC signer engine: Run command: '/usr/local/libexec/opendnssec/zone_reader -o test-zone.nl -w /usr/local/var/opendnssec/tmp/test-zone.nl.sorted -n -s 6B375CD6560CE9DB -t 5 -a 1'
Sep 17 13:24:21 dev-ng-core3 OpenDNSSEC signer engine: Writing file to zone_reader: /usr/local/var/opendnssec/unsigned/test-zone.nl
Sep 17 13:24:21 dev-ng-core3 OpenDNSSEC signer engine: stderr from sorter: Warning: Syntax error, could not parse the RR's TTL: 
Sep 17 13:24:21 dev-ng-core3 OpenDNSSEC signer engine: stderr from sorter:                                            
Sep 17 13:24:21 dev-ng-core3 OpenDNSSEC signer engine: Sorting failed

As a result, the zones are NOT being signed, as I don't see any log messages indicating so, nor are there any signed zones in my configured /usr/local/var/opendnssec/signed folder. So, I'm thinking that the warning "Warning: Syntax error, could not parse the RR's TTL" is the root cause. Do you have any recommendations on how I can further troubleshoot this issue? Can you provide me a sample zone file that you know should definitely sign with no issues?

Thanks again,

Paul
                                                                                
-----Original Message-----
From: Jakob Schlyter [mailto:jakob at kirei.se] 
Sent: Wednesday, September 16, 2009 11:09 PM
To: Sitowitz, Paul
Subject: Re: [Opendnssec-user] Problem trying to run Signer Engine

On 16 sep 2009, at 22.17, Sitowitz, Paul wrote:

> 1.      Start the signer_engine
> ->         /usr/local/sbin/signer_engine
> Python engine proof of concept, v 0.0002 alpha
> Zone list updated: 0 removed, 1 added, 0 updated
> running as pid 6145
> Unable to continue, stopping:
> ->         Needed to update Python code for signer_engine to log the  
> actual error which caused the above to fail
> ->         vi /usr/local/lib/opendnssec/signer/Engine.py +703   
> (inserted code below)
>         syslog.syslog(syslog.LOG_ERR, "Error: " +  str(e))
>         raise e

patch integrated, thanks!

	jakob
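An added example, not part of the original thread and not OpenDNSSEC code: since a failed sort leaves the zone unsigned with only a syslog trace, this Python sketch scans signer engine log lines of the form quoted in the message and reports each zone whose sort failed, together with the sorter's stderr text. The function name `failed_sorts` is hypothetical, and it assumes that the messages for one zone appear in order without interleaving.

```python
import re

PREFIX = "OpenDNSSEC signer engine: "
STDERR = "stderr from sorter:"
# Zone name is the argument of zone_reader's -o option, as seen in the log above.
RUN_RE = re.compile(r"Run command: '\S*zone_reader\b.*?\s-o\s+([^\s']+)")

# Log lines copied from the message above.
SAMPLE_LOG = """\
Found key f7fe51cdea5d1d507ba5f579d5769fc0
Sep 17 13:24:21 dev-ng-core3 OpenDNSSEC signer engine: Run command: '/usr/local/libexec/opendnssec/zone_reader -o test-zone.nl -w /usr/local/var/opendnssec/tmp/test-zone.nl.sorted -n -s 6B375CD6560CE9DB -t 5 -a 1'
Sep 17 13:24:21 dev-ng-core3 OpenDNSSEC signer engine: Writing file to zone_reader: /usr/local/var/opendnssec/unsigned/test-zone.nl
Sep 17 13:24:21 dev-ng-core3 OpenDNSSEC signer engine: stderr from sorter: Warning: Syntax error, could not parse the RR's TTL: 
Sep 17 13:24:21 dev-ng-core3 OpenDNSSEC signer engine: stderr from sorter:                                            
Sep 17 13:24:21 dev-ng-core3 OpenDNSSEC signer engine: Sorting failed
"""


def failed_sorts(lines):
    """Return [(zone, [sorter stderr messages])] for each 'Sorting failed' event."""
    failures, zone, errors = [], None, []
    for line in lines:
        _, sep, msg = line.partition(PREFIX)
        if not sep:
            continue  # not a signer engine message
        msg = msg.strip()
        run = RUN_RE.match(msg)
        if run:
            # A new zone_reader run starts: remember its zone, reset collected errors.
            zone, errors = run.group(1), []
        elif msg.startswith(STDERR):
            text = msg[len(STDERR):].strip()
            if text:  # skip the whitespace-only stderr lines
                errors.append(text)
        elif msg == "Sorting failed":
            # zone stays None if no Run command line preceded the failure.
            failures.append((zone, errors))
            zone, errors = None, []
    return failures


if __name__ == "__main__":
    for zone, errors in failed_sorts(SAMPLE_LOG.splitlines()):
        print(f"UNSIGNED: {zone}: {'; '.join(errors) or 'no sorter output'}")
```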



