[Opendnssec-user] signed crash (1.3.4)

Gilles Massen gilles.massen at restena.lu
Wed Dec 21 08:54:32 UTC 2011

Hello Jerry,

> Thanks for reporting.
> Where you able to replicate the problem, if so how?

No. Restarting ods (via ods-control) simply complained about corrupted
backup file, and started a new full signing - which went through on the
same input data.

This said, I have hourly backups of the opendnssec directory - so I'll
try to restore the one before the crash and see if I can trigger
something. As current information points on a sig renewal issue it might
be possible to rebuilt something. I'll let you know.

> Is there a core dump / back trace available?

No. Next time there will be :/

> What set up do you have, number of zones, entries per zone, number of
> workers and drudgers, what kind of hsm solution?

A rather basic setup, in my feeling: about 60 zones. Mostly small leaf
zones (5-100 entries), mainly NSEC, almost all same policy, shared keys.
One larger zone, about 120000 records, only delegations, NSEC3-optout,
with it's own key. That's the one on wich both signers crashed. 4
workers, drudgers not configured (so default). As HSM an AEP keyper is used.

> Cheers,
> Jerry
> On 21 dec 2011, at 09:24, Gilles Massen <gilles.massen at restena.lu> wrote:
>> Morning everyone,
>> I had my two opendnssec instances crash on me tonight, under similar but
>> not identical circumstances. I'm curious if this rings a bell with
>> someone.... Both signer crashed on the same zome. They receive the same
>> input zone at the same time, use the same keys but are autonomous (by
>> managing their own signs, jitter,...).
>> The backup signer crashed with the zone export at 19:00 with this
>> message (in kernel log - nothing in its own logs):
>> ods-signerd[12413]: segfault at 7f4a00000022 ip 000000000041a97e sp
>> 00007f4aad439da0 error 4 in ods-signerd[400000+3d000]
>> What we got out of this is:
>> addr2line -e /usr/local/opendnssec/sbin/ods-signerd 000000000041a97e
>> -> /usr/local/src/opendnssec-1.3.4/signer/src/signer/rrsigs.c:170
>> in rrsigs_cleanup(rrsigs_type* rrsigs):
>> l170: if (rrsigs->next) {
>> The main signer dies with the following zone export, 4 hours later with
>> this:
>> ods-signerd[13147] general protection ip:7f2be77a91e9 sp:7f2be44a1cc0
>> error:0 in libldns.so.1.6.9[7f2be7791000+4b000]
>> (no further information on this one)
>> As the did not crash on the same input file, I'd expect a problem with
>> renewing an expiring signature...
>> Anyone seen this before? Any ideas on the trigger (and even better: how
>> to prevent reocurrence)?
>> Best regards,
>> Gilles
>> --
>> Fondation RESTENA - DNS-LU
>> 6, rue Coudenhove-Kalergi
>> L-1359 Luxembourg
>> tel: (+352) 424409
>> fax: (+352) 422473
>> _______________________________________________
>> Opendnssec-user mailing list
>> Opendnssec-user at lists.opendnssec.org
>> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user

Fondation RESTENA - DNS-LU
6, rue Coudenhove-Kalergi
L-1359 Luxembourg
tel: (+352) 424409
fax: (+352) 422473

More information about the Opendnssec-user mailing list