[Opendnssec-user] ods-signerd not signing zone on schedule

Rickard Bellgrim rickard at opendnssec.org
Wed Dec 7 16:36:27 UTC 2011


> I'd noticed that ods-signerd had not updated one of our zones in
> several days, even though some of the signatures were approaching
> expiration and others had indeed expired.
>
> As a test, I added a record to the zone in question and decided to wait
> until the next scheduled run of the signer, rather than signing the zone
> immediately with ods-signer.
>
> Strangely, ods-signerd did not recognise that the zone had changed
> when the scheduled signing time arrived, however I was able to update
> and re-sign the zone manually with ods-signer from the command line.
>
> Debug output from "ods-signerd -vvvvvv" is attached, both from the
> failed (ods-signer-scheduled.txt) and successful (ods-signer-manual.txt)
> signing attempts.
>
> Any thoughts? Are there differences between invoking ods-signer from
> the command line and the scheduled run of ods-signerd? (e.g.: tty
> attached)

The signer will not read the unsigned zone until you give the "sign"
command. The scheduled time is only for checking for signatures that
need to be refreshed.

The logs say that the signatures are still valid. Do you have more
information on the expired signatures?
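
A check that could be run over the signed zone file to list which RRSIGs are expired or inside the refresh window, as an added example that is not part of the original message or of OpenDNSSEC's code. The zone data, the `audit_rrsigs` helper, the clock value and the 3-day refresh window are constructed for illustration, and the parser assumes one record per line.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample of a signed zone (fake signatures), one record per line.
SAMPLE_ZONE = """\
example.com. 3600 IN SOA ns1.example.com. host.example.com. 2011120701 3600 600 604800 3600
example.com. 3600 IN RRSIG SOA 8 2 3600 20111214120000 20111130120000 12345 example.com. AAAA
www.example.com. 3600 IN A 192.0.2.10
www.example.com. 3600 IN RRSIG A 8 3 3600 20111205120000 20111121120000 12345 example.com. BBBB
mail.example.com. 3600 IN RRSIG A 8 3 3600 20111209120000 20111125120000 12345 example.com. CCCC
"""

def parse_time(field):
    """RRSIG times are YYYYMMDDHHmmSS (RFC 4034) or plain epoch seconds."""
    if len(field) == 14:
        return datetime.strptime(field, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)
    return datetime.fromtimestamp(int(field), tz=timezone.utc)

def audit_rrsigs(zone_text, now, refresh):
    """Return (owner, covered type, state) for RRSIGs that are expired
    or that expire within the refresh window."""
    findings = []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop trailing comments
        if "RRSIG" not in fields[1:]:
            continue
        i = fields.index("RRSIG", 1)
        if len(fields) < i + 7:
            continue  # truncated record, nothing to evaluate
        # After RRSIG: covered, alg, labels, orig TTL, expiration, inception
        owner, covered = fields[0], fields[i + 1]
        expiration = parse_time(fields[i + 5])
        if expiration <= now:
            findings.append((owner, covered, "expired"))
        elif expiration - now <= refresh:
            findings.append((owner, covered, "refresh-due"))
    return findings

if __name__ == "__main__":
    # Constructed clock value and assumed refresh window.
    now = datetime(2011, 12, 7, 16, 36, 27, tzinfo=timezone.utc)
    for owner, covered, state in audit_rrsigs(SAMPLE_ZONE, now, timedelta(days=3)):
        print(f"{state:12} {owner} {covered}")
```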


