[Opendnssec-user]About Signerd Failed to Sign RRs Issue

shuoleo@126 shuoleo at 126.com
Sun Feb 17 06:01:35 UTC 2013


Hi All,

We are doing automatic testing with opendnssec-1.4.0rc2 using INBOUND Adapter and OUTBOUND Adapter both configured DNS and two BINDs used as the inbound source and outbound source respectively.

We use a shell script to add 100 domains  to the inbound BIND every 10 minutes and each with 2 DS RRs, 1 NS RR and 1 A RR.

At first, it works great and the signing process is smooth, too.
But after a day's testing, we have observed that after a time signerd failed to sign the incoming RRs (or even failed to receive them) and the check script got NXDOMAIN from the outbound BIND, let alone the RRSIGs.

We tried to restart opendnssec proceses to check where the problem was and found that after restarting, all the missing RRs are received by opendnssec and signed successfully via AXFR, now we can get
NOERROR from the outbound BIND.

We have got two logs from opendnssec for you to troubleshoot.
We did the same nsupdate processes (one domain with 2 DS RRs, 1 NS RR and 1 A RR) to the inboud BIND before and after restarting opendnssec and get failed suffixed and restart suffixed logs.

I hope that will help, thank you.


Best regards,
Stuart
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20130217/2bf82054/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: opendnssec.restarted.log
Type: application/octet-stream
Size: 22683 bytes
Desc: not available
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20130217/2bf82054/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: opendnssec.failed.log
Type: application/octet-stream
Size: 7797 bytes
Desc: not available
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20130217/2bf82054/attachment-0001.obj>


More information about the Opendnssec-user mailing list