[Opendnssec-user] ods-signerd unresponsive/crashes

Michael Braunoeder mib at nic.at
Thu Dec 22 14:45:06 UTC 2011


Am 22.12.2011 11:32, schrieb Matthijs Mekking:
> Hash: SHA1
> Hi,
> Could you provide the specific backup file?

I'm able to reproduce it with a small zonefile too (the valgrind with 
the signerd on our productionszone is running for 4 hours and hasn't 
finished yet ;-):

If you sign (NSEC3 with Opt-Out, I didn't check the other options) this 
zonefile everything is fine:

> at.     172800  IN      SOA     dns.nic.at. domain-admin.univie.ac.at. 2 10800 3600 604800 10800
> at.     172800  IN      NS      r.nic.at.
> at.     172800  IN      NS      j.nic.at.
> domain10.at.    10800   IN      NS      ns1.domain10.at.
> domain20.at.   10800   IN      TXT     "domain gesperrt"
> domain30.at.    10800   IN      NS      ns1.domain10.at.

If you remove the TXT-Record for domain20.at and replace it with a NS 
record like

> domain20.at.    10800   IN      NS      ns1.domain10.at.

and resign it, ods-signerd crashes.  If I do a "ods-signer clear at" 
before the second run, everything is fine.

I tested it with OpenDNSSEC 1.3.4 on Debian using SoftHSM and a 
Hardware-HSM. I can reproduce the error any time.

If you need any additional information, please let me know.


More information about the Opendnssec-user mailing list