[Opendnssec-user] upgrading from 1.0 to 1.1

Matthijs Mekking matthijs at NLnetLabs.nl
Tue Jun 15 08:35:11 UTC 2010


Hi Pierre,

The error occurs if there is a signature added in memory, before the
data related to the signature is added. This should not happen, since
the files in /var/opendnssec/tmp are sorted in such a way that the
signatures always follow the corresponding data.

The fact that the .nsecced.signed and .optout files are empty signals
that something else might have gone wrong (earlier).

Also, the logs seem to show that the error occurred before restarting
OpenDNSSEC: Jun 14 14:51:59 < Jun 14 15:23:53. Is it truly related to
the upgrade?

Those are the first pointers that I can come up with.

Best regards,

Matthijs

On 06/14/2010 03:35 PM, Pierre Lebrech wrote:
> Hello,
> 
> I have just upgraded on running setup from OpenDNSSEC 1.0 to 1.1 on
> Debian GNU Linux.
> 
> After having restarted ODS with ods-control start, I get this on my
> screen :
> 
> ################################## snip
> Starting signer engine...
> connecting to /var/run/opendnssec/engine.sock
> OpenDNSSEC signer engine version 1.1.0
> Zone list updated: 0 removed, 5 added, 0 updated
> running as pid 9247
> Starting enforcer...
> OpenDNSSEC ods-enforcerd started (version 1.1.0), pid 9250
> ################################## snip
> 
> seems OK...
> 
> In daemon.log, I have this :
> 
> ################################## snip
> Jun 14 15:23:53 rdb ods-enforcerd: opendnssec-enforcer starting...
> Jun 14 15:23:53 rdb ods-enforcerd: opendnssec-enforcer forked OK...
> Jun 14 15:23:53 rdb ods-enforcerd: opendnssec-enforcer Parent exiting...
> Jun 14 15:23:53 rdb ods-enforcerd: group set to: ods (1001)
> Jun 14 15:23:53 rdb ods-enforcerd: user set to: ods (1001)
> Jun 14 15:23:53 rdb ods-enforcerd: opendnssec-enforcer started (version
> 1.1.0), pid 11450
> ################################## snip
> 
> 
> But in another log file, I have this :
> 
> Jun 14 14:51:59 rdb ods-signerd: stderr from preprocessor: cannot add
> RRSIG rr if the corresponding RRset (51) is missing
> 
> Files like *.optout or *.signed.nsecced in /var/opendnssec/tmp were
> created but empty.
> 
> any ideas?
> 
> thanks.
> 
>  
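
Added example (not part of the original message and not OpenDNSSEC code): a small Python check for the ordering property described in the reply, that a signature must come after the data it covers. It assumes one record per line in "owner TTL class type rdata" form, which is an assumption about the file layout; the sample records and the name orphan_rrsigs are constructed for illustration.

```python
# Added example, not OpenDNSSEC code. Assumed input layout: one record per
# line, "owner TTL class type rdata..." (the thread does not show the files).

# Constructed sample: every RRSIG follows the record it covers.
SAMPLE_SORTED = """\
example.com. 3600 IN SOA ns1.example.com. host.example.com. 1 7200 3600 604800 3600
example.com. 3600 IN RRSIG SOA 8 2 3600 20100701000000 20100601000000 12345 example.com. AAAA
example.com. 0 IN NSEC3PARAM 1 0 5 beef
example.com. 0 IN RRSIG NSEC3PARAM 8 2 0 20100701000000 20100601000000 12345 example.com. AAAA
"""

# Constructed sample: the RRSIG over NSEC3PARAM (type code 51) comes first.
SAMPLE_UNSORTED = """\
example.com. 3600 IN SOA ns1.example.com. host.example.com. 1 7200 3600 604800 3600
example.com. 0 IN RRSIG NSEC3PARAM 8 2 0 20100701000000 20100601000000 12345 example.com. AAAA
example.com. 0 IN NSEC3PARAM 1 0 5 beef
"""


def orphan_rrsigs(text):
    """Return (line_number, owner, covered_type) for each RRSIG that appears
    before any record of the type it covers at the same owner name."""
    seen = set()      # (owner, type) pairs of data records read so far
    orphans = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        fields = line.split()
        if len(fields) < 5 or fields[0].startswith(";"):
            continue  # blank line, comment, or not a full record
        owner, rtype = fields[0].lower(), fields[3].upper()
        if rtype == "RRSIG":
            covered = fields[4].upper()  # first RDATA field: type covered
            if (owner, covered) not in seen:
                orphans.append((lineno, owner, covered))
        else:
            seen.add((owner, rtype))
    return orphans


if __name__ == "__main__":
    for name, sample in (("sorted", SAMPLE_SORTED), ("unsorted", SAMPLE_UNSORTED)):
        print(name, orphan_rrsigs(sample))
```

An empty result means the ordering holds for the file; an empty input file also returns an empty result, so file size has to be checked separately.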


