[Opendnssec-user] Problems triggered by a zone removal in ODS 1.3.8.
Matthijs Mekking
matthijs at nlnetlabs.nl
Thu May 24 08:38:50 UTC 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Göran,
On 05/24/2012 10:03 AM, Göran Bengtson wrote:
> I've created a BUG Report for this, but I wonder if this problem is
> seen only by me. (Using ODS 1.3.8).
>
> To summarize, removing a zone (from zonelist.xml etc) creates two
> problem.
>
> 1 The signer does not understand that the zone is removed (even
> though the ods-ksmutil update all indicate that it is removed, and
> the enforcer gets the picture. Th signer still tries to sign the
> zone. This is resolved by restarting ODS.
If you delete a zone from the zonelist.xml file manually, you'll need
to inform the signer with:
$ ods-signer update
If you delete a zone with ods-ksmutil zone delete, ods-ksmutil will
run that command for you.
Best regards,
Matthijs
>
> 2 This is serious. Immediately after the ods-ksmutil update
> command is given ODS gets seriously confused about the keys in
> ANOTHER, remaining zone. A new ZSK key is generated, and the active
> ZSK dissapears (is not used anymore). ods-ksmutil key list only
> show the KSK key and the newly generated ZSK key (in publish
> state).
>
> Now, this occurred first yesterday when removing a zone. But since
> it occurred again today when removing another zone, the problem is
> reproducable, at least with my installation.
>
> / Göran Bengtson Chalmers
>
>
> _______________________________________________ Opendnssec-user
> mailing list Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJPvfOaAAoJEA8yVCPsQCW5TQsIAKNxBFoNQHsX+WrlPx8+dLSX
hjnk/2D1x34JBiDN/c6hWsxaYlJiWGiy4mMH14yTIJF58+MUzuHOzPU3wHSPTtgz
g4nHuTc8+MWKpJTcTTJzT5nfMdilMzoKBKr4EV8/hIBxlAgSdQ1Rl+bITy9WMBGD
hNUD7DM1c7ius4zvZCW/CD6Ehbk57fo7ry7kTmegPIa9l2aMkvYRvZO05+oxU9a6
MfpXZ5THthgSawPLwJQ5R9bUrutWBVVpbz84kyVNOOspFA0KRpQYO9ujh4no1jB/
fuxQI/jDE+rmm0DrxMUwqIGJwge7xHcjtc69W8nWVRLTvQQkfSdg3OlLGhvAKts=
=L6IS
-----END PGP SIGNATURE-----
More information about the Opendnssec-user
mailing list