[Opendnssec-user] Signing a largish zone...
Mark Elkins
mje at posix.co.za
Wed Mar 5 17:57:01 UTC 2014
I'm running opendnssec (version 1.4.1) on three virtual Gentoo machines.
OpenDNSSEC is meant to be a bump on the wire...
I'm trying to sign three zones,
One small - 19 NS delegations, not much else
One medium - 630 lines in the zone - all sorts of stuff.
One Large - just under a million NS Delegations, of which about 20 have DS records.
The large zone is logging in syslog:
ods-signerd: [worker[1]] sign zone co.za failed: processed 53355 of 54355 RRsets
ods-signerd: [worker[1]] CRITICAL: failed to sign zone co.za: General error
ods-signerd: [worker[1]] backoff task [sign] for zone co.za with 60 seconds
ods-signerd: [engine] signer shutdown
That doesn't look good to me. Where can I find out more?
My setup is...
Box1, running BIND 9.9.4 - Master for all three domains
Box2, OpenDNSSEC, set up for NSEC3, OptOut...
Box3, running BIND 9.9.4, Slave for the three domains.
I also have the feeling that Notifies get lost from Box1 to Box2...
(unless I stop/start)
Can't "dig" Box2 (OpenDNSSEC) anymore either...
yet...
addns.xml: contains...
<ProvideTransfer>
<Peer><Prefix>::1</Prefix></Peer>
<Peer><Prefix>160.124.48.43</Prefix></Peer>
<Peer><Prefix>2001:42a0:1000:48::43</Prefix></Peer>
</ProvideTransfer>
(Can one use "0.0.0.0" as a wildcard???)
Then I stop and start and then I can "dig" again...
--
. . ___. .__ Posix Systems - Sth Africa
/| /| / /__ mje at posix.co.za - Mark J Elkins, Cisco CCIE
/ |/ |ARK \_/ /__ LKINS Tel: +27 12 807 0590 Cell: +27 82 601 0496