[Opendnssec-user] TLSA

Matthijs Mekking matthijs at nlnetlabs.nl
Thu Dec 6 11:25:46 CET 2012


[Noticed that I didn't send this to the list]

-------- Original Message --------
Subject: Re: [Opendnssec-user] TLSA
Date: Wed, 05 Dec 2012 08:49:05 +0100
From: Matthijs Mekking <matthijs at nlnetlabs.nl>
To: Mathieu Arnold <mat at mat.cc>

On 12/04/2012 05:05 PM, Mathieu Arnold wrote:
 > Hi,
 >
 > Ok, upgraded ldns, all is good now.
 >
 > I get some strange behavior, (v1.3.10), though...
 >
 > Say, I do :
 >
 > $ ods-signer sign absolight.net
 >
 > and in the logs, I get :
 >
 > Dec  4 17:02:50 ns1 ods-signerd: [scheduler] unable to unschedule task
 > [read] for zone absolight.net: not scheduled
 >
 > and :
 >
 > $ ods-signer queue | grep absolight.net
 > On Tue Dec  4 23:58:09 2012 I will [read] zone absolight.net

These messages can come up in the log if the zone is not scheduled (for
example, because it is being worked on). This seems to be the case for
you: absolight.net is being read.

Depending on your verbosity level, there should also be a log saying
that the worker is busy with zone absolight.net, and that it will
reschedule the zone once the current task is done.

The first is at level LOG_WARNING, while the second is at LOG_INFO.
Perhaps we should tweak it so that it doesn't look that strange.

Best regards,
   Matthijs


 >
 > but it does not reschedule it for right now...
 >
 > +--On 4 décembre 2012 14:25:27 +0100 Matthijs Mekking
 > <matthijs at nlnetlabs.nl> wrote:
 > | Hi Mathieu,
 > |
 > | OpenDNSSEC depends on LDNS for supported RRtypes. You should link against
 > | ldns 1.6.16 if you want to do TLSA.
 > |
 > | Best regards,
 > |    Matthijs
 > |
 > | On 12/04/2012 01:44 PM, Mathieu Arnold wrote:
 > |> Hello,
 > |>
 > |> While having lunch, I discovered TLSA records, and I wanted to give it a
 > |> spin, but...
 > |>
 > |> Dec  4 13:40:53 ns1 ods-signerd: [adapter] error parsing RR at line 17
 > |> (Syntax error, could not parse the RR's rdata): _443._tcp.mat.cc.
 > |> 86400 IN TLSA 3 0 1
 > |> D6731A11F7F79A6E38757E0F48589A6887735E33BE2A2E6D033BE16A E969EDFE
 > |>
 > |> Wondering if TLSA is not supported, or if the one I have is malformed...
 > |> :-)
 > |>
 > |
 > |
 >
 >
 >
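
An added example, not part of the thread and not OpenDNSSEC or ldns code: a check of the quoted TLSA rdata against the field rules of RFC 6698, which finds it well-formed (3 0 1 with a 32-byte SHA-256 value), consistent with the parse error going away after the ldns upgrade. The helper name `parse_tlsa_rdata` is hypothetical.

```python
# Added example; parse_tlsa_rdata is a hypothetical helper, not an ldns API.
# Field values are those defined in RFC 6698, sections 2.1.1 to 2.1.3.
USAGES = {0: "CA constraint", 1: "service certificate constraint",
          2: "trust anchor assertion", 3: "domain-issued certificate"}
SELECTORS = {0: "full certificate", 1: "SubjectPublicKeyInfo"}
# matching type -> (name, required data length in bytes, None = any length)
MATCHING = {0: ("exact match", None), 1: ("SHA-256", 32), 2: ("SHA-512", 64)}

# Rdata of the record quoted in the thread (the hex is split by a space there).
PAGE_RDATA = ("3 0 1 D6731A11F7F79A6E38757E0F48589A6887735E33BE2A2E6D033BE16A "
              "E969EDFE")


def parse_tlsa_rdata(rdata):
    """Parse 'usage selector matching-type hex...' and validate each field.

    Returns (usage, selector, matching_type, data) or raises ValueError.
    Stricter than the wire format: only RFC 6698 field values are accepted.
    """
    fields = rdata.split()
    if len(fields) < 4:
        raise ValueError("expected: usage selector matching-type hex-data")
    try:
        usage, selector, mtype = (int(f) for f in fields[:3])
    except ValueError:
        raise ValueError("usage, selector and matching type must be integers")
    if usage not in USAGES:
        raise ValueError(f"unknown certificate usage {usage}")
    if selector not in SELECTORS:
        raise ValueError(f"unknown selector {selector}")
    if mtype not in MATCHING:
        raise ValueError(f"unknown matching type {mtype}")
    # Presentation format allows whitespace inside the hex string, so join it.
    data = bytes.fromhex("".join(fields[3:]))  # ValueError on non-hex/odd length
    name, want = MATCHING[mtype]
    if want is not None and len(data) != want:
        raise ValueError(f"{name} needs {want} bytes, got {len(data)}")
    return usage, selector, mtype, data


if __name__ == "__main__":
    u, s, m, d = parse_tlsa_rdata(PAGE_RDATA)
    print(USAGES[u], "/", SELECTORS[s], "/", MATCHING[m][0], "/", len(d), "bytes")
```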