[Opendnssec-user] Problem trying to run Signer Engine
Sitowitz, Paul
PSitowitz at verisign.com
Thu Sep 17 17:48:54 UTC 2009
Jakob, Matt,
Thanks for your quick responses. I was able to get past my issue but seem to have run into another. I have two zone files as follows:
cat /usr/local/var/opendnssec/unsigned/example-zone.com
@ IN SOA dev-ng-core4 dnsuser ( 4 10800 3600 604800 86400 )
IN NS dev-ng-core4
localhost A 127.0.0.1
ajax A 192.168.5.24
MX 10 ajax
odysseus A 192.168.5.23
MX 10 odysseus
achilles A 192.168.5.20
MX 10 achilles
diomedes A 192.168.5.22
MX 10 diomedes
dev-ng-core4 A 192.168.5.1
MX 10 dev-ng-core4
menelaeus A 192.168.5.28
MX 10 menelaeus
agamemnon A 192.168.5.21
MX 10 agamemnon
AND
cat /usr/local/var/opendnssec/unsigned/test-zone.nl
$ORIGIN example.com. ; designates the start of this zone file in the name space
$TTL 1h ; The default expiration time of a resource record without its own TTL value
example.com. IN SOA ns.example.com. username.example.com. (
2007120710 ; serial number of this zone file
1d ; slave refresh (1 day)
1d ; slave retry time in case of a problem (1 day)
4w ; slave expiration time (4 weeks)
1h ; minimum caching time in case of failed lookups
)
example.com. NS ns
example.com. NS ns.somewhere.com.
example.com. MX 10 mail.example.com.
@ MX 20 mail2.example.com.
@ MX 50 mail3
example.com. A 10.0.0.1
ns A 10.0.0.2
www CNAME ns
wwwtest CNAME www
mail A 10.0.0.3
When I try to sign these zones, I get similar warnings for both in /var/log/messages:
Found key f7fe51cdea5d1d507ba5f579d5769fc0
Sep 17 13:24:21 dev-ng-core3 OpenDNSSEC signer engine: Run command: '/usr/local/libexec/opendnssec/zone_reader -o test-zone.nl -w /usr/local/var/opendnssec/tmp/test-zone.nl.sorted -n -s 6B375CD6560CE9DB -t 5 -a 1'
Sep 17 13:24:21 dev-ng-core3 OpenDNSSEC signer engine: Writing file to zone_reader: /usr/local/var/opendnssec/unsigned/test-zone.nl
Sep 17 13:24:21 dev-ng-core3 OpenDNSSEC signer engine: stderr from sorter: Warning: Syntax error, could not parse the RR's TTL:
Sep 17 13:24:21 dev-ng-core3 OpenDNSSEC signer engine: stderr from sorter:
Sep 17 13:24:21 dev-ng-core3 OpenDNSSEC signer engine: Sorting failed
As a result, the zones are NOT being signed: I don't see any log messages indicating so, nor are there any signed zones in my configured /usr/local/var/opendnssec/signed folder. So, I'm thinking that the warning "Warning: Syntax error, could not parse the RR's TTL" is the root cause. Do you have any recommendations on how I can further troubleshoot this issue? Can you provide me with a sample zone file that you know should definitely sign with no issues?
Thanks again,
Paul
-----Original Message-----
From: Jakob Schlyter [mailto:jakob at kirei.se]
Sent: Wednesday, September 16, 2009 11:09 PM
To: Sitowitz, Paul
Subject: Re: [Opendnssec-user] Problem trying to run Signer Engine
On 16 sep 2009, at 22.17, Sitowitz, Paul wrote:
> 1. Start the signer_engine
> -> /usr/local/sbin/signer_engine
> Python engine proof of concept, v 0.0002 alpha
> Zone list updated: 0 removed, 1 added, 0 updated
> running as pid 6145
> Unable to continue, stopping:
> -> Needed to update Python code for signer_engine to log the
> actual error which caused the above to fail
> -> vi /usr/local/lib/opendnssec/signer/Engine.py +703
> (inserted code below)
> syslog.syslog(syslog.LOG_ERR, "Error: " + str(e))
> raise e
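Review bot: "raise e" on the second inserted line re-raises the exception by name; under Python 2 that restarts the traceback at this line and hides where the error actually originated, so a bare "raise" is the safer form here. On the syslog line, str(e) can be an empty string for some exceptions, so logging repr(e) (or the formatted traceback) would make the entry more useful for diagnosis.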
patch integrated, thanks!
jakob
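Added example, not part of the original thread and not OpenDNSSEC code: a Python check that scans syslog text for the signer engine messages quoted above and reports each zone whose sort step failed, together with the sorter's stderr, so a zone that silently stays unsigned can be alerted on. It assumes one zone's messages are not interleaved with another's; `failed_sorts` and the `ok-zone.example` lines are constructed for illustration.

```python
import re

# Constructed sample: the syslog lines quoted in the message above, followed by
# two constructed lines for a second zone whose sort step does not fail.
SAMPLE_LOG = """\
Sep 17 13:24:21 dev-ng-core3 OpenDNSSEC signer engine: Run command: '/usr/local/libexec/opendnssec/zone_reader -o test-zone.nl -w /usr/local/var/opendnssec/tmp/test-zone.nl.sorted -n -s 6B375CD6560CE9DB -t 5 -a 1'
Sep 17 13:24:21 dev-ng-core3 OpenDNSSEC signer engine: Writing file to zone_reader: /usr/local/var/opendnssec/unsigned/test-zone.nl
Sep 17 13:24:21 dev-ng-core3 OpenDNSSEC signer engine: stderr from sorter: Warning: Syntax error, could not parse the RR's TTL:
Sep 17 13:24:21 dev-ng-core3 OpenDNSSEC signer engine: stderr from sorter:
Sep 17 13:24:21 dev-ng-core3 OpenDNSSEC signer engine: Sorting failed
Sep 17 13:25:02 dev-ng-core3 OpenDNSSEC signer engine: Run command: '/usr/local/libexec/opendnssec/zone_reader -o ok-zone.example -w /usr/local/var/opendnssec/tmp/ok-zone.example.sorted -n -s 6B375CD6560CE9DB -t 5 -a 1'
Sep 17 13:25:02 dev-ng-core3 OpenDNSSEC signer engine: Writing file to zone_reader: /usr/local/var/opendnssec/unsigned/ok-zone.example
"""

LINE = re.compile(r"OpenDNSSEC signer engine: (?P<msg>.*)$")
ZONE = re.compile(r"^Run command: '\S*zone_reader\b.*?\s-o\s+(?P<zone>\S+)")
STDERR = "stderr from sorter:"


def failed_sorts(log_text):
    """Return {zone: [sorter stderr lines]} for zones that logged 'Sorting failed'."""
    current = None   # zone named by the most recent zone_reader command
    stderr = {}      # zone -> non-empty stderr lines seen since that command
    failed = {}
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # not a signer engine message
        msg = m.group("msg").strip()
        z = ZONE.match(msg)
        if z:
            current = z.group("zone")
            stderr[current] = []
        elif current is None:
            continue  # failure text with no preceding command: cannot attribute
        elif msg.startswith(STDERR):
            text = msg[len(STDERR):].strip()
            if text:
                stderr[current].append(text)
        elif msg == "Sorting failed":
            failed[current] = stderr[current]
    return failed


if __name__ == "__main__":
    for zone, errors in failed_sorts(SAMPLE_LOG).items():
        print("zone %s was not sorted (and so not signed): %s" % (zone, "; ".join(errors)))
```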