[Opendnssec-user] ods-signerd unresponsive/crashes

Matthijs Mekking matthijs at NLnetLabs.nl
Mon Jan 2 14:13:48 UTC 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Thanks for the example. It did not crash for me, but debugging this
case, valgrind does show the warnings Rickard posted in this thread.

I have committed a fix to the repository, that made these warnings go
away, and probably also will resolve your issue.

Index: branches/OpenDNSSEC-1.3
Revision: 5982

Best regards,
  Matthijs

On 12/22/2011 03:45 PM, Michael Braunoeder wrote:
> Hi,
> 
> Am 22.12.2011 11:32, schrieb Matthijs Mekking:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Hi,
>>
>> Could you provide the specific backup file?
> 
> I'm able to reproduce it with a small zonefile too (the valgrind with
> the signerd on our productionszone is running for 4 hours and hasn't
> finished yet ;-):
> 
> If you sign (NSEC3 with Opt-Out, I didn't check the other options) this
> zonefile everything is fine:
> 
>> at.     172800  IN      SOA     dns.nic.at. domain-admin.univie.ac.at.
>> 2 10800 3600 604800 10800
>> at.     172800  IN      NS      r.nic.at.
>> at.     172800  IN      NS      j.nic.at.
>>
>>
>> domain10.at.    10800   IN      NS      ns1.domain10.at.
>> domain20.at.   10800   IN      TXT     "domain gesperrt"
>> domain30.at.    10800   IN      NS      ns1.domain10.at.
> 
> If you remove the TXT-Record for domain20.at and replace it with a NS
> record like
> 
>> domain20.at.    10800   IN      NS      ns1.domain10.at.
> 
> and resign it, ods-signerd crashes.  If I do a "ods-signer clear at"
> before the second run, everything is fine.
> 
> I tested it with OpenDNSSEC 1.3.4 on Debian using SoftHSM and a
> Hardware-HSM. I can reproduce the error any time.
> 
> If you need any additional information, please let me know.
> 
> Best,
> Michael
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJPAbucAAoJEA8yVCPsQCW5pdMH/RaKsRipcx1iB11Ie7SAi2ti
FnBdRL8mfHqekZPi3fkqJnbTdBh0qnIRsoGSyEDPUS9kMP5amsLZsMBJT4N6KL0o
ueQ2rj0QxvoxIR3lNR6B+ueto0hk68Xd5/UGGIwCSk2l/0ojOKmatiuKxRjqYW22
pWL7CBKE4I4Sv4H3gadebwVemcXnn8orNvyULjVb9aQl9n6wMMB2yYm3kC03Jltl
9kJGu3NKSpeXiv0AJCRPaZU+3t+VZcST/+MSA9VITGIPwv9ovEmZid1fsZTTScJs
eMPV+/H9WWgi4QlLP87HS2HhmNpCKB4XlK2Ona1mHA6tbofQfY3iYRvy08XwBn0=
=3zti
-----END PGP SIGNATURE-----



More information about the Opendnssec-user mailing list