[Opendnssec-user] assertion failure (ods 1.3.0)

Matthijs Mekking matthijs at NLnetLabs.nl
Tue Aug 16 10:52:32 UTC 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I think what happens here is that the signer configuration cannot be
validated. However, when issuing sign <zone> command, it will try to
read the zone and sign anyway.

A fix for checking whether the signer configuration validated would be
wise and has been committed to the repository.

Thanks,
  Matthijs


On 08/16/2011 08:37 AM, Miek Gieben wrote:
> Hello,                                                                                                                               
> We have connected ods to a new partition in our HSM. The ods install wasn't cleaned
> so it still thinks old keys are valid (i.e. the whole kasp.db is messed up).
> 
> Obviously this setup will fail, but I'm also hit with an assertion failure. The
> relevant logging is here:
> 
> signertest ods-signerd: [hsm] unable to get key: key 00c8f5813717302a753d3a625b4f398a not found
> signertest ods-signerd: [zone] unable to publish dnskeys zone nl: error creating DNSKEY for key
> 00c8f5813717302a753d3a625b4f398a
> signertest ods-signerd: [worker[2]] backoff task [load signconf for] for zone nl with 120 seconds
> signertest ods-signerd: signer/tools.c:229: tools_nsecify: assertion zone->nsec3params failed
> 
> Regards,
> 
> --
>     Miek Gieben
> 
> 
> 
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJOSkvwAAoJEA8yVCPsQCW5UCIH/0G5jkVFrkMAV3Je6KVWAkKr
SiFzUmB5+VFejAh92bSdvmTgavY25H1BHhoBGP8hJNFPheUw5GvMTDcPGp6CKBGG
T4e5AZ8/WXXetYEnc7adDw5RthI4mIK4UMFgMVbNhPEPs7G6nvzV/65Oiuvgf0ra
6zZmm5P20zFyIH+5mSwU6dc9Z7RbNyiXFVrQaNNzzaGfJI/0Uc/mgN9Mb9ddTrOZ
ad82ZpZPGq46k9G/Ckzg69FjDDCmJXdn4WXhGviDkkYVJNzTfvdIuvJzAN7wUTF4
rkEL6MV9q5qbN9jBgfQ9R73GehAifAnEahcSYondUWX9AmBEw3k/ixXSED3gPjU=
=epfK
-----END PGP SIGNATURE-----



More information about the Opendnssec-user mailing list