[Opendnssec-user] ods-signer not working anymore ?

Tue Mar 4 11:37:16 UTC 2014

On 04/03/2014 12:14, Matthijs Mekking wrote:
> Hi,
>
> I would like to know some more so that I can delve into this:
>
> 1. Can you provide the version used?
root at perso:~ # pkg_info |grep dns
ldns-1.6.16         A library for programs conforming to DNS RFCs and drafts
opendnssec-1.3.13   Tool suite for maintaining DNSSEC
rubygem-dnsruby-1.53 A pure Ruby DNS client library
>
> 2. Can you increase the verbosity to 5 and schedule a sign again and
> provide those logs?
>
root at perso:~ # ods-signer verbosity 5
Verbosity level set to 5.

root at perso:~ # ods-signer sign hirlimann.net
Zone hirlimann.net scheduled for immediate re-sign.

caught this in /var/log/debug.log:

Mar  4 12:27:49 perso ods-signerd: [worker[1]] somebody poked me, check
completed jobs 17 appointed, 17 completed, 0 failed
Mar  4 12:27:49 perso ods-signerd: [worker[1]] sign zone hirlimann.net
ok: 17 of 17 RRsets succeeded
Mar  4 12:27:49 perso ods-signerd: [file] open file
file=hirlimann.net.finalized.tmp mode=writing
Mar  4 12:27:49 perso ods-signerd: system call:
/usr/local/bin/ods-auditor -c /usr/local/etc/opendnssec/conf.xml -u
/usr/local/var/opendnssec/tmp/hirlimann.net.inbound -s
/usr/local/var/opendnssec/tmp/hirlimann.net.finalized -z hirlimann.net >
/dev/null
Mar  4 12:27:49 perso ods-signerd: [worker[1]] finished working on zone
hirlimann.net
Mar  4 12:27:49 perso ods-signerd: [scheduler] schedule task [read] for
zone hirlimann.net
Mar  4 12:27:49 perso ods-signerd: [task] On Tue Mar  4 13:27:49 2014 I
will [read] zone hirlimann.net
Mar  4 12:27:49 perso ods-signerd: [worker[1]] report for duty
Mar  4 12:27:49 perso ods-signerd: [scheduler] not popping task for zone
hirlimann.net: not ready (when 1393936069 < now 1393932469, flush=0)
Mar  4 12:27:49 perso ods-signerd: [worker[1]] nothing to do

> $ ods-signer verbosity
> $ ods-signer sign hirlimann.net
>
> 3. Do the DNSKEY queries match the records in the signed file that the
> signer has produced?
>
ain't sure for that one. because it doesn't look like the signer has
produced a new file.
> 4. What is the last time the signed file has been changed (fstat)?
>
root at perso:/etc/namedb/signed # ls -ltr
total 8
-rw-r--r--  1 root  wheel  7899 Feb 14 00:14 hirlimann.net

-- 
http://sietch-tabr.tumblr.com/
http://www.flickr.com/photos/lhirlimann/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 278 bytes
Desc: OpenPGP digital signature
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20140304/4c34a515/attachment.bin>