[Opendnssec-user] ods-signer not working anymore ?

Matthijs Mekking matthijs at nlnetlabs.nl
Tue Mar 4 13:22:31 UTC 2014 

So it looks like the signer is doing things, but not outputting the 
signed zone. Is the auditor not happy perhaps? What does this command 
tell you:

/usr/local/bin/ods-auditor -c /usr/local/etc/opendnssec/conf.xml -u 
/usr/local/var/opendnssec/tmp/hirlimann.net.inbound -s 
/usr/local/var/opendnssec/tmp/hirlimann.net.finalized -z hirlimann.net

?

On 04-03-14 12:37, Ludovic Hirlimann wrote:
> On 04/03/2014 12:14, Matthijs Mekking wrote:
>> Hi,
>>
>> I would like to know some more so that I can delve into this:
>>
>> 1. Can you provide the version used?
> root at perso:~ # pkg_info |grep dns
> ldns-1.6.16         A library for programs conforming to DNS RFCs and drafts
> opendnssec-1.3.13   Tool suite for maintaining DNSSEC
> rubygem-dnsruby-1.53 A pure Ruby DNS client library
>>
>> 2. Can you increase the verbosity to 5 and schedule a sign again and
>> provide those logs?
>>
> root at perso:~ # ods-signer verbosity 5
> Verbosity level set to 5.
>
> root at perso:~ # ods-signer sign hirlimann.net
> Zone hirlimann.net scheduled for immediate re-sign.
>
> caught this in /var/log/debug.log:
>
> Mar  4 12:27:49 perso ods-signerd: [worker[1]] somebody poked me, check
> completed jobs 17 appointed, 17 completed, 0 failed
> Mar  4 12:27:49 perso ods-signerd: [worker[1]] sign zone hirlimann.net
> ok: 17 of 17 RRsets succeeded
> Mar  4 12:27:49 perso ods-signerd: [file] open file
> file=hirlimann.net.finalized.tmp mode=writing
> Mar  4 12:27:49 perso ods-signerd: system call:
> /usr/local/bin/ods-auditor -c /usr/local/etc/opendnssec/conf.xml -u
> /usr/local/var/opendnssec/tmp/hirlimann.net.inbound -s
> /usr/local/var/opendnssec/tmp/hirlimann.net.finalized -z hirlimann.net >
> /dev/null
> Mar  4 12:27:49 perso ods-signerd: [worker[1]] finished working on zone
> hirlimann.net
> Mar  4 12:27:49 perso ods-signerd: [scheduler] schedule task [read] for
> zone hirlimann.net
> Mar  4 12:27:49 perso ods-signerd: [task] On Tue Mar  4 13:27:49 2014 I
> will [read] zone hirlimann.net
> Mar  4 12:27:49 perso ods-signerd: [worker[1]] report for duty
> Mar  4 12:27:49 perso ods-signerd: [scheduler] not popping task for zone
> hirlimann.net: not ready (when 1393936069 < now 1393932469, flush=0)
> Mar  4 12:27:49 perso ods-signerd: [worker[1]] nothing to do
>
>> $ ods-signer verbosity
>> $ ods-signer sign hirlimann.net
>>
>> 3. Do the DNSKEY queries match the records in the signed file that the
>> signer has produced?
>>
> ain't sure for that one. because it doesn't look like the signer has
> produced a new file.
>> 4. What is the last time the signed file has been changed (fstat)?
>>
> root at perso:/etc/namedb/signed # ls -ltr
> total 8
> -rw-r--r--  1 root  wheel  7899 Feb 14 00:14 hirlimann.net
>
>
>
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
>

More information about the Opendnssec-user mailing list