[Opendnssec-user] ods-signerd unresponsive/crashes

Gilles Massen gilles.massen at restena.lu
Thu Dec 22 16:53:54 UTC 2011


Hi Michael,

>> domain10.at.    10800   IN      NS      ns1.domain10.at.
>> domain20.at.   10800   IN      TXT     "domain gesperrt"
>> domain30.at.    10800   IN      NS      ns1.domain10.at.
> 
> If you remove the TXT-Record for domain20.at and replace it with a NS
> record like
> 
>> domain20.at.    10800   IN      NS      ns1.domain10.at.
> 
> and resign it, ods-signerd crashes.  If I do a "ods-signer clear at"
> before the second run, everything is fine.

This looks very much like what happened to me, only that I wasn't able
to reproduce the crash - and two signers seemed to choke on it but after
passing a first time over the new data....

The key element seems to be the replacement of a record that need an
RRSIG with one of the same name that does not need one (or removing the
one with sig (like DS) while leaving others in place).

Unfortunately these things happen, especially in delegation-centric zones.

Best,
Gilles



More information about the Opendnssec-user mailing list