[Opendnssec-user] DNSKEY will expire in 11.6381365740741 days (kskwarn is 12.0)
Volker Janzen
voja at voja.de
Tue Dec 10 10:21:42 UTC 2013
Hi Rick,
there is no output from the signer at all, just from the enforcer:
Dec 10 06:57:18 a ods-enforcerd: HSM connection open.
Dec 10 06:57:18 a ods-enforcerd: Reading config
"/etc/opendnssec/conf.xml"
Dec 10 06:57:18 a ods-enforcerd: Reading config schema
"/usr/share/opendnssec/conf.rng"
Dec 10 06:57:18 a ods-enforcerd: Communication Interval: 3600
Dec 10 06:57:18 a ods-enforcerd: Using command:
/usr/local/bin/update-dnskey.sh to submit DS records
Dec 10 06:57:18 a ods-enforcerd: SQLite database set to:
/var/lib/opendnssec/kasp.db
Dec 10 06:57:18 a ods-enforcerd: Log User set to: local0
Dec 10 06:57:18 a ods-enforcerd: Switched log facility to: local0
Dec 10 06:57:18 a ods-enforcerd: Connecting to Database...
Dec 10 06:57:18 a ods-enforcerd: Policy default found.
Dec 10 06:57:18 a ods-enforcerd: Key sharing is Off.
Dec 10 06:57:18 a ods-enforcerd: Purging keys...
Dec 10 06:57:18 a ods-enforcerd: Policy lab found.
Dec 10 06:57:18 a ods-enforcerd: Key sharing is Off.
Dec 10 06:57:18 a ods-enforcerd: No zones on policy lab, skipping...
Dec 10 06:57:18 a ods-enforcerd: Purging keys...
Dec 10 06:57:18 a ods-enforcerd: zonelist filename set to
/etc/opendnssec/zonelist.xml.
Dec 10 06:57:18 a ods-enforcerd: Zone dnssec.cc found.
Dec 10 06:57:18 a ods-enforcerd: Policy for dnssec.cc set to default.
Dec 10 06:57:18 a ods-enforcerd: Policy default found in DB.
Dec 10 06:57:18 a ods-enforcerd: Config will be output to
/var/lib/opendnssec/signconf/dnssec.cc.xml.
Dec 10 06:57:18 a ods-enforcerd: No change to:
/var/lib/opendnssec/signconf/dnssec.cc.xml
Dec 10 06:57:18 a ods-enforcerd: Disconnecting from Database...
Dec 10 06:57:18 a ods-enforcerd: Sleeping for 3600 seconds.
Dec 10 07:57:18 a ods-enforcerd: HSM connection open.
Dec 10 07:57:18 a ods-enforcerd: Reading config
"/etc/opendnssec/conf.xml"
Dec 10 07:57:18 a ods-enforcerd: Reading config schema
"/usr/share/opendnssec/conf.rng"
Dec 10 07:57:18 a ods-enforcerd: Communication Interval: 3600
Dec 10 07:57:18 a ods-enforcerd: Using command:
/usr/local/bin/update-dnskey.sh to submit DS records
Dec 10 07:57:18 a ods-enforcerd: SQLite database set to:
/var/lib/opendnssec/kasp.db
Dec 10 07:57:18 a ods-enforcerd: Log User set to: local0
Dec 10 07:57:18 a ods-enforcerd: Switched log facility to: local0
Dec 10 07:57:18 a ods-enforcerd: Connecting to Database...
Dec 10 07:57:18 a ods-enforcerd: Policy default found.
Dec 10 07:57:18 a ods-enforcerd: Key sharing is Off.
Dec 10 07:57:18 a ods-enforcerd: Purging keys...
Dec 10 07:57:18 a ods-enforcerd: Policy lab found.
Dec 10 07:57:18 a ods-enforcerd: Key sharing is Off.
Dec 10 07:57:18 a ods-enforcerd: No zones on policy lab, skipping...
Dec 10 07:57:18 a ods-enforcerd: Purging keys...
Dec 10 07:57:18 a ods-enforcerd: zonelist filename set to
/etc/opendnssec/zonelist.xml.
Dec 10 07:57:18 a ods-enforcerd: Zone dnssec.cc found.
Dec 10 07:57:18 a ods-enforcerd: Policy for dnssec.cc set to default.
Dec 10 07:57:18 a ods-enforcerd: Policy default found in DB.
Dec 10 07:57:18 a ods-enforcerd: Config will be output to
/var/lib/opendnssec/signconf/dnssec.cc.xml.
Dec 10 07:57:19 a ods-enforcerd: No change to:
/var/lib/opendnssec/signconf/dnssec.cc.xml
Dec 10 07:57:19 a ods-enforcerd: Disconnecting from Database...
Dec 10 07:57:19 a ods-enforcerd: Sleeping for 3600 seconds.
Dec 10 08:57:19 a ods-enforcerd: HSM connection open.
Dec 10 08:57:19 a ods-enforcerd: Reading config
"/etc/opendnssec/conf.xml"
Dec 10 08:57:19 a ods-enforcerd: Reading config schema
"/usr/share/opendnssec/conf.rng"
Dec 10 08:57:19 a ods-enforcerd: Communication Interval: 3600
Dec 10 08:57:19 a ods-enforcerd: Using command:
/usr/local/bin/update-dnskey.sh to submit DS records
Dec 10 08:57:19 a ods-enforcerd: SQLite database set to:
/var/lib/opendnssec/kasp.db
Dec 10 08:57:19 a ods-enforcerd: Log User set to: local0
Dec 10 08:57:19 a ods-enforcerd: Switched log facility to: local0
Dec 10 08:57:19 a ods-enforcerd: Connecting to Database...
Dec 10 08:57:19 a ods-enforcerd: Policy default found.
Dec 10 08:57:19 a ods-enforcerd: Key sharing is Off.
Dec 10 08:57:19 a ods-enforcerd: Purging keys...
Dec 10 08:57:19 a ods-enforcerd: Policy lab found.
Dec 10 08:57:19 a ods-enforcerd: Key sharing is Off.
Dec 10 08:57:19 a ods-enforcerd: No zones on policy lab, skipping...
Dec 10 08:57:19 a ods-enforcerd: Purging keys...
Dec 10 08:57:19 a ods-enforcerd: zonelist filename set to
/etc/opendnssec/zonelist.xml.
Dec 10 08:57:19 a ods-enforcerd: Zone dnssec.cc found.
Dec 10 08:57:19 a ods-enforcerd: Policy for dnssec.cc set to default.
Dec 10 08:57:19 a ods-enforcerd: Policy default found in DB.
Dec 10 08:57:19 a ods-enforcerd: Config will be output to
/var/lib/opendnssec/signconf/dnssec.cc.xml.
Dec 10 08:57:19 a ods-enforcerd: No change to:
/var/lib/opendnssec/signconf/dnssec.cc.xml
Dec 10 08:57:19 a ods-enforcerd: Disconnecting from Database...
Dec 10 08:57:19 a ods-enforcerd: Sleeping for 3600 seconds.
Dec 10 09:57:19 a ods-enforcerd: HSM connection open.
Dec 10 09:57:19 a ods-enforcerd: Reading config
"/etc/opendnssec/conf.xml"
Dec 10 09:57:19 a ods-enforcerd: Reading config schema
"/usr/share/opendnssec/conf.rng"
Dec 10 09:57:19 a ods-enforcerd: Communication Interval: 3600
Dec 10 09:57:19 a ods-enforcerd: Using command:
/usr/local/bin/update-dnskey.sh to submit DS records
Dec 10 09:57:19 a ods-enforcerd: SQLite database set to:
/var/lib/opendnssec/kasp.db
Dec 10 09:57:19 a ods-enforcerd: Log User set to: local0
Dec 10 09:57:19 a ods-enforcerd: Switched log facility to: local0
Dec 10 09:57:19 a ods-enforcerd: Connecting to Database...
Dec 10 09:57:19 a ods-enforcerd: Policy default found.
Dec 10 09:57:19 a ods-enforcerd: Key sharing is Off.
Dec 10 09:57:19 a ods-enforcerd: Purging keys...
Dec 10 09:57:19 a ods-enforcerd: Policy lab found.
Dec 10 09:57:19 a ods-enforcerd: Key sharing is Off.
Dec 10 09:57:19 a ods-enforcerd: No zones on policy lab, skipping...
Dec 10 09:57:19 a ods-enforcerd: Purging keys...
Dec 10 09:57:19 a ods-enforcerd: zonelist filename set to
/etc/opendnssec/zonelist.xml.
Dec 10 09:57:19 a ods-enforcerd: Zone dnssec.cc found.
Dec 10 09:57:19 a ods-enforcerd: Policy for dnssec.cc set to default.
Dec 10 09:57:19 a ods-enforcerd: Policy default found in DB.
Dec 10 09:57:19 a ods-enforcerd: Config will be output to
/var/lib/opendnssec/signconf/dnssec.cc.xml.
Dec 10 09:57:19 a ods-enforcerd: No change to:
/var/lib/opendnssec/signconf/dnssec.cc.xml
Dec 10 09:57:19 a ods-enforcerd: Disconnecting from Database...
Dec 10 09:57:19 a ods-enforcerd: Sleeping for 3600 seconds.
Dec 10 10:57:19 a ods-enforcerd: HSM connection open.
Dec 10 10:57:19 a ods-enforcerd: Reading config
"/etc/opendnssec/conf.xml"
Dec 10 10:57:19 a ods-enforcerd: Reading config schema
"/usr/share/opendnssec/conf.rng"
Dec 10 10:57:19 a ods-enforcerd: Communication Interval: 3600
Dec 10 10:57:19 a ods-enforcerd: Using command:
/usr/local/bin/update-dnskey.sh to submit DS records
Dec 10 10:57:19 a ods-enforcerd: SQLite database set to:
/var/lib/opendnssec/kasp.db
Dec 10 10:57:19 a ods-enforcerd: Log User set to: local0
Dec 10 10:57:19 a ods-enforcerd: Switched log facility to: local0
Dec 10 10:57:19 a ods-enforcerd: Connecting to Database...
Dec 10 10:57:19 a ods-enforcerd: Policy default found.
Dec 10 10:57:19 a ods-enforcerd: Key sharing is Off.
Dec 10 10:57:19 a ods-enforcerd: Purging keys...
Dec 10 10:57:19 a ods-enforcerd: Policy lab found.
Dec 10 10:57:19 a ods-enforcerd: Key sharing is Off.
Dec 10 10:57:19 a ods-enforcerd: No zones on policy lab, skipping...
Dec 10 10:57:19 a ods-enforcerd: Purging keys...
Dec 10 10:57:19 a ods-enforcerd: zonelist filename set to
/etc/opendnssec/zonelist.xml.
Dec 10 10:57:19 a ods-enforcerd: Zone dnssec.cc found.
Dec 10 10:57:19 a ods-enforcerd: Policy for dnssec.cc set to default.
Dec 10 10:57:19 a ods-enforcerd: Policy default found in DB.
Dec 10 10:57:19 a ods-enforcerd: Config will be output to
/var/lib/opendnssec/signconf/dnssec.cc.xml.
Dec 10 10:57:19 a ods-enforcerd: No change to:
/var/lib/opendnssec/signconf/dnssec.cc.xml
Dec 10 10:57:19 a ods-enforcerd: Disconnecting from Database...
Dec 10 10:57:19 a ods-enforcerd: Sleeping for 3600 seconds.
Signer process is running:
ps aux | grep signer
104 14565 0.0 0.3 151828 7104 ? Ssl Nov15 0:00
/usr/sbin/ods-signerd
Anything I can check before trying to restart the signer?
Regards,
Volker
On Tue, 10 Dec 2013 11:15:52 +0100, Rick van Rein
<rick at openfortress.nl> wrote:
> Volker,
>
>> I think I might have a configuration error in OpenDNSSEC. I want it to resign the whole zone once in 14 days, that Nagios starts warning me 12 days before it expires. My kasp.xml should be default:
>
> One potential source of these errors is if the signer cannot read
> your zone, gets confused and stops generating signatures. This should
> be very loud in your log files, because it keeps running into those
> problems every hour or so. Please be sure to have checked those.
>
> -Rick
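Added example, not part of the original thread and not the Nagios plugin or OpenDNSSEC code: assuming the warning in the subject line measures the remaining validity of the RRSIG covering the DNSKEY set, this sketch reproduces that calculation against the `kskwarn` value of 12.0. The sample records, key tags, the one-record-per-line input format and the `crit_days` threshold are constructed assumptions.

```python
import calendar
import time

# Constructed sample in dig presentation format, one record per line.
# After "RRSIG": covered type, algorithm, labels, original TTL,
# expiration, inception, key tag, signer name, signature (placeholder).
SAMPLE = """\
dnssec.cc. 3600 IN RRSIG DNSKEY 8 2 3600 20131222014000 20131207204512 12345 dnssec.cc. c2ln
dnssec.cc. 3600 IN RRSIG SOA 8 2 3600 20131224103000 20131210093000 54321 dnssec.cc. c2ln
"""

# Date header of the post (Tue Dec 10 10:21:42 UTC 2013), used as "now".
POST_TIME = calendar.timegm((2013, 12, 10, 10, 21, 42))


def rrsig_time(field):
    """RFC 4034 3.2: 14 digits mean YYYYMMDDHHmmSS in UTC, else epoch seconds."""
    if len(field) == 14:
        return calendar.timegm(time.strptime(field, "%Y%m%d%H%M%S"))
    return int(field)


def expirations(zone_text, covered="DNSKEY"):
    """Return (key_tag, expiration_epoch) for each RRSIG over `covered`."""
    found = []
    for line in zone_text.splitlines():
        f = line.split()
        if "RRSIG" not in f:
            continue
        i = f.index("RRSIG")
        if len(f) < i + 9 or f[i + 1].upper() != covered:
            continue  # truncated record or a signature over another RRset
        found.append((int(f[i + 7]), rrsig_time(f[i + 5])))
    return found


def check(zone_text, now, warn_days=12.0, crit_days=3.0):
    """warn_days mirrors kskwarn from the subject; crit_days is hypothetical."""
    sigs = expirations(zone_text)
    if not sigs:
        return "CRITICAL", None  # DNSKEY set carries no signature at all
    days = (min(exp for _, exp in sigs) - now) / 86400.0
    if days <= crit_days:
        return "CRITICAL", days
    return ("WARNING" if days <= warn_days else "OK"), days


if __name__ == "__main__":
    print(check(SAMPLE, POST_TIME))
```

If the signer keeps refreshing signatures, the reported figure jumps back up after each re-sign; a value that only ever decreases between checks means no new RRSIG is being published.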