[Opendnssec-user] opendnssec on Ubuntu 10.04 32bit

Bryton bryton at tznic.or.tz
Fri Jul 1 08:47:23 UTC 2011

  Thanks Ondrej,Everything is running now.

After everything running smoothly i followed the documentation and i 
don't understand few things.

1:I have saved the zone I want to sing to the unsigned source as the 
configs say and I was hoping ods-signer could sign it and I get the 
signed zone in the signed directory but I don't get anything.Further to 
this I decided to do *ods-signer sign tz*   and I got *Zone tz scheduled 
for immediate re-sign.* why does it saying it immediately and I went to 
the signed directory nothing there.

2:I hope now that all config are ok to get the DS so that I can publish 
to the parent How do i get this.

3:I did the bellow command and see the list bellow:-

*root at ubuntu-serv-dnssec:/var/lib# ods-ksmutil key list --verbose --zone tz
SQLite database set to: /var/lib/opendnssec/db/kasp.db
Zone:                           Keytype:      State:    Date of next 
transition:  CKA_ID:                           
Repository:                       Keytag:
tz                              KSK           publish   2011-07-02 
01:04:24       2861479296b2cb6ed0f884a479b5e99d  
SoftHSM                           40949
tz                              ZSK           active    2011-07-31 
11:04:24       880a44b2e853db6a26368ecdf292898d  
SoftHSM                           48528

*Wat is the DATE OF NEXT TRANSITION.I was hoping it to be *2012-07-02 
01:04:24 *(Meaning its after 1 year for KSK ) ZSK is ok i think.

KIndly assist as I am trying to get to know these things better.


On 06/30/2011 06:06 PM, Ondřej Surý wrote:
> I guess I need to add this README.Debian to opendnssec-signer as well:
> If you are going to use softhsm, you need to allow opendnssec user
> to access /var/lib/softhsm (or another place where you keep your
> softHSM database).  On standard debian system, it should be sufficient
> to add opendnssec user to softhsm group by issuing:
>    # adduser opendnssec softhsm
> On Thu, Jun 30, 2011 at 17:04, Bryton<bryton at tznic.or.tz>  wrote:
>> Starting enforcer...
>> OpenDNSSEC ods-enforcerd started (version 1.2.1), pid 1982
>> Starting signer engine...
>> Starting signer...
>> OpenDNSSEC signer engine version 1.2.1
>> SoftHSM: Could not open the config file: /etc/softhsm/softhsm.conf
>> Could not start signer
>> It seems the error of libxml is gone after removing it from /usr/local/lib
>>   but stil signer could not start
>> On 06/30/2011 05:53 PM, Ondřej Surý wrote:
>>> Well, I would suggest removing the libxml2 from /usr/local/lib and use
>>> packaged version unless you explicitly need something not in the
>>> package.
>>> Mixing packaged libraries with /usr/local/lib never plays well.
>>> O.
>>> On Thu, Jun 30, 2011 at 16:51, Rickard Bellgrim<rickard at opendnssec.org>
>>>   wrote:
>>>> On Thu, Jun 30, 2011 at 4:44 PM, Bryton<bryton at tznic.or.tz>    wrote:
>>>>> /usr/sbin/ods-signerd: /usr/local/lib/libxml2.so.2: no version
>>>>> information
>>>>> available (required by /usr/sbin/ods-signerd)
>>>> Try rebuilding the dynamic linker cache.
>>>> sudo ldconfig
>>>> // Rickard
>>>> _______________________________________________
>>>> Opendnssec-user mailing list
>>>> Opendnssec-user at lists.opendnssec.org
>>>> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
>> --
>> Regards,
>> Bryton.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20110701/e51fb113/attachment.htm>

More information about the Opendnssec-user mailing list