[Opendnssec-user] ods-signerd unresponsive/crashes
Gilles Massen
gilles.massen at restena.lu
Thu Dec 22 16:53:54 UTC 2011
Hi Michael,
>> domain10.at. 10800 IN NS ns1.domain10.at.
>> domain20.at. 10800 IN TXT "domain gesperrt"
>> domain30.at. 10800 IN NS ns1.domain10.at.
>
> If you remove the TXT-Record for domain20.at and replace it with a NS
> record like
>
>> domain20.at. 10800 IN NS ns1.domain10.at.
>
> and resign it, ods-signerd crashes. If I do a "ods-signer clear at"
> before the second run, everything is fine.
This looks very much like what happened to me, only that I wasn't able
to reproduce the crash - and two signers seemed to choke on it but after
passing a first time over the new data....
The key element seems to be the replacement of a record that need an
RRSIG with one of the same name that does not need one (or removing the
one with sig (like DS) while leaving others in place).
Unfortunately these things happen, especially in delegation-centric zones.
Best,
Gilles
More information about the Opendnssec-user
mailing list