[Opendnssec-user] OpenDNSSEC Signer TroubleS

Ramanou Biaou ramanou at netim.com
Tue Mar 25 12:30:13 UTC 2014 

Hello!
I have some problems with my opendnssec,

Signed files are not in the directory I specified in "zonelist.xml"

<ZoneList>
         <Zone name="mydomaine.com">
                 <Policy>test</Policy>
<SignerConfiguration>/var/lib/opendnssec/signconf/mydomaine.com.xml</SignerConfiguration>
                 <Adapters>
                         <Input>
<File>/var/chroot/bind9/var/named/masters/b/mydomaine.com</File>
                         </Input>
                         <Output>
<File>/var/chroot/bind9/var/named/masters/b/mydomaine.com.signed</File>
                         </Output>
                 </Adapters>
         </Zone>
</ZoneList>


The signed files are put in the tmp/ directory
*
**And in my log I have some informations**
*
Mar 25 13:23:35 ns0 ods-signerd: acquire cond
Mar 25 13:23:35 ns0 ods-signerd: notify
Mar 25 13:23:35 ns0 ods-signerd: release cond
Mar 25 13:23:35 ns0 ods-signerd: Releasing lock on zone mydomaine.com
Mar 25 13:23:35 ns0 ods-signerd: No output file found, seconds to resign: 0
Mar 25 13:23:35 ns0 ods-signerd: Scheduling task to sign zone 
mydomaine.com at 1395750215.98 with resign time 7200
Mar 25 13:23:35 ns0 ods-signerd: acquire cond
Mar 25 13:23:35 ns0 ods-signerd: notify
Mar 25 13:23:35 ns0 ods-signerd: release cond
Mar 25 13:23:35 ns0 ods-signerd: Zone mydomaine.com added
Mar 25 13:23:35 ns0 ods-signerd: additional groups: [109, 999]
Mar 25 13:23:35 ns0 ods-signerd: Drop privileges to group opendnssec
Mar 25 13:23:35 ns0 ods-signerd: Drop privileges to user opendnssec
Mar 25 13:23:35 ns0 ods-signerd: opening socket: 
/var/run/opendnssec/engine.sock
Mar 25 13:23:35 ns0 ods-signerd: Engine running
Mar 25 13:23:36 ns0 ods-enforcerd: opendnssec-enforcer starting...
Mar 25 13:23:36 ns0 ods-enforcerd: opendnssec-enforcer Parent exiting...
Mar 25 13:23:36 ns0 ods-enforcerd: opendnssec-enforcer forked OK...
Mar 25 13:23:36 ns0 ods-enforcerd: opendnssec-enforcer started (version 
1.1.3), pid 28820
Mar 25 13:23:36 ns0 ods-enforcerd: HSM opened successfully.
Mar 25 13:23:36 ns0 ods-enforcerd: Reading config "/etc/opendnssec/conf.xml"
Mar 25 13:23:36 ns0 ods-enforcerd: Reading config schema 
"/usr/share/opendnssec/conf.rng"
Mar 25 13:23:36 ns0 ods-enforcerd: Communication Interval: 3600
Mar 25 13:23:36 ns0 ods-enforcerd: No DS Submit command supplied
Mar 25 13:23:36 ns0 ods-enforcerd: SQLite database set to: 
/var/lib/opendnssec/db/kasp.db
Mar 25 13:23:36 ns0 ods-enforcerd: Log User set to: local0
Mar 25 13:23:36 ns0 ods-enforcerd: Switched log facility to: local0
Mar 25 13:23:36 ns0 ods-enforcerd: Connecting to Database...
Mar 25 13:23:36 ns0 ods-enforcerd: Policy test found.
Mar 25 13:23:36 ns0 ods-enforcerd: Key sharing is Off.
Mar 25 13:23:36 ns0 ods-enforcerd: Purging keys...
Mar 25 13:23:36 ns0 ods-enforcerd: zonelist filename set to 
/etc/opendnssec/zonelist.xml.
Mar 25 13:23:36 ns0 ods-enforcerd: Zone mydomaine.com found.
Mar 25 13:23:36 ns0 ods-enforcerd: Policy for mydomaine.com set to test.
Mar 25 13:23:36 ns0 ods-enforcerd: Config will be output to 
/var/lib/opendnssec/signconf/mydomaine.com.xml.
Mar 25 13:23:36 ns0 ods-enforcerd: WARNING: KSK Retirement reached; 
please submit the new DS for mydomaine.com and use ods-ksmutil key 
ds-seen when the DS appears in the DNS.
Mar 25 13:23:36 ns0 ods-enforcerd: No change to: 
/var/lib/opendnssec/signconf/mydomaine.com.xml
Mar 25 13:23:36 ns0 ods-enforcerd: Disconnecting from Database...
Mar 25 13:23:36 ns0 ods-enforcerd: Sleeping for 3600 seconds.
Mar 25 13:23:36 ns0 ods-signerd: worker 1 acquiring lock
Mar 25 13:23:36 ns0 ods-signerd: worker 1 acquired lock
Mar 25 13:23:36 ns0 ods-signerd: worker 1 released lock
Mar 25 13:23:36 ns0 ods-signerd: Got task for worker 1
Mar 25 13:23:36 ns0 ods-signerd: Worker 1 run task
Mar 25 13:23:36 ns0 ods-signerd: Zone action to perform: 3
Mar 25 13:23:36 ns0 ods-signerd: Run command: 
'/usr/lib/opendnssec/opendnssec/get_serial -f 
/var/chroot/bind9/var/named/masters/b/mydomaine.com'
Mar 25 13:23:36 ns0 ods-signerd: worker 2 acquiring lock
Mar 25 13:23:36 ns0 ods-signerd: worker 2 acquired lock
Mar 25 13:23:36 ns0 ods-signerd: no task for worker 2, sleep for 0
Mar 25 13:23:36 ns0 ods-signerd: worker 2 released lock by going to wait 
(indef)
Mar 25 13:23:36 ns0 ods-signerd: worker 3 acquiring lock
Mar 25 13:23:36 ns0 ods-signerd: worker 3 acquired lock
Mar 25 13:23:36 ns0 ods-signerd: no task for worker 3, sleep for 0
Mar 25 13:23:36 ns0 ods-signerd: worker 3 released lock by going to wait 
(indef)
Mar 25 13:23:36 ns0 ods-signerd: worker 4 acquiring lock
Mar 25 13:23:36 ns0 ods-signerd: worker 4 acquired lock
Mar 25 13:23:36 ns0 ods-signerd: no task for worker 4, sleep for 0
Mar 25 13:23:36 ns0 ods-signerd: worker 4 released lock by going to wait 
(indef)
Mar 25 13:23:36 ns0 ods-signerd: worker 5 acquiring lock
Mar 25 13:23:36 ns0 ods-signerd: worker 5 acquired lock
Mar 25 13:23:36 ns0 ods-signerd: no task for worker 5, sleep for 0
Mar 25 13:23:36 ns0 ods-signerd: worker 5 released lock by going to wait 
(indef)
Mar 25 13:23:36 ns0 ods-signerd: worker 6 acquiring lock
Mar 25 13:23:36 ns0 ods-signerd: worker 6 acquired lock
Mar 25 13:23:36 ns0 ods-signerd: no task for worker 6, sleep for 0
Mar 25 13:23:36 ns0 ods-signerd: worker 6 released lock by going to wait 
(indef)
Mar 25 13:23:36 ns0 ods-signerd: Preprocessing signed zone: mydomaine.com
Mar 25 13:23:36 ns0 ods-signerd: No signed zone yet
Mar 25 13:23:36 ns0 ods-signerd: Sorting zone: mydomaine.com
Mar 25 13:23:36 ns0 ods-signerd: worker 7 acquiring lock
Mar 25 13:23:36 ns0 ods-signerd: Run command: 
'/usr/lib/opendnssec/opendnssec/quicksorter -o mydomaine.com. -f 
/var/chroot/bind9/var/named/masters/b/mydomaine.com -w 
/var/lib/opendnssec/tmp/mydomaine.com.sorted -m 3600 -t 3600'
Mar 25 13:23:36 ns0 ods-signerd: worker 7 acquired lock
Mar 25 13:23:36 ns0 ods-signerd: no task for worker 7, sleep for 0
Mar 25 13:23:36 ns0 ods-signerd: worker 8 acquiring lock
Mar 25 13:23:36 ns0 ods-signerd: worker 7 released lock by going to wait 
(indef)
Mar 25 13:23:36 ns0 ods-signerd: worker 8 acquired lock
Mar 25 13:23:36 ns0 ods-signerd: no task for worker 8, sleep for 0
Mar 25 13:23:36 ns0 ods-signerd: worker 8 released lock by going to wait 
(indef)
Mar 25 13:23:36 ns0 ods-signerd: Done sorting
Mar 25 13:23:36 ns0 ods-signerd: Nseccing zone: mydomaine.com
Mar 25 13:23:36 ns0 ods-signerd: No information yet for key 
14176499a031dd38a51f6096bf88275b
Mar 25 13:23:36 ns0 ods-signerd: Generating DNSKEY RR for 
14176499a031dd38a51f6096bf88275b
Mar 25 13:23:36 ns0 ods-signerd: Run command: 
'/usr/lib/opendnssec/opendnssec/get_class -f 
/var/lib/opendnssec/tmp/mydomaine.com.sorted'
Mar 25 13:23:36 ns0 ods-signerd: create_dnskey status: 0
Mar 25 13:23:36 ns0 ods-signerd: equality: True
Mar 25 13:23:36 ns0 ods-signerd: Found key 14176499a031dd38a51f6096bf88275b
Mar 25 13:23:36 ns0 ods-signerd: No information yet for key 
a043a281ae9aa134a29b65e409de8cf7
Mar 25 13:23:36 ns0 ods-signerd: Generating DNSKEY RR for 
a043a281ae9aa134a29b65e409de8cf7
Mar 25 13:23:36 ns0 ods-signerd: Run command: 
'/usr/lib/opendnssec/opendnssec/get_class -f 
/var/lib/opendnssec/tmp/mydomaine.com.sorted'
Mar 25 13:23:36 ns0 ods-signerd: create_dnskey status: 0
Mar 25 13:23:36 ns0 ods-signerd: equality: True
Mar 25 13:23:36 ns0 ods-signerd: Found key a043a281ae9aa134a29b65e409de8cf7
Mar 25 13:23:36 ns0 ods-signerd: Run command: 
'/usr/lib/opendnssec/opendnssec/get_class -f 
/var/lib/opendnssec/tmp/mydomaine.com.sorted'
Mar 25 13:23:36 ns0 ods-signerd: Run command: 
'/usr/lib/opendnssec/opendnssec/zone_reader -c /etc/opendnssec/conf.xml 
-f /var/lib/opendnssec/tmp/mydomaine.com.sorted -k 1 -o mydomaine.com -s 
/var/lib/opendnssec/signconf/mydomaine.com.xml -w 
/var/lib/opendnssec/tmp/mydomaine.com.nsecced -x 
/var/lib/opendnssec/tmp/mydomaine.com.optout'
Mar 25 13:23:36 ns0 ods-signerd: Writing file to zone_reader: 
/var/lib/opendnssec/tmp/mydomaine.com.sorted
Mar 25 13:23:36 ns0 ods-signerd: Done nseccing
Mar 25 13:23:36 ns0 ods-signerd: Run command: 
'/usr/lib/opendnssec/opendnssec/get_serial -f 
/var/chroot/bind9/var/named/masters/b/mydomaine.com'
Mar 25 13:23:36 ns0 ods-signerd: Run command: 
'/usr/lib/opendnssec/opendnssec/signer -c /etc/opendnssec/conf.xml -p 
/var/lib/opendnssec/tmp/mydomaine.com.signed -w 
/var/lib/opendnssec/tmp/mydomaine.com.signed2 -r -l local0'
Mar 25 13:23:36 ns0 ods-signerd: write to subp:
Mar 25 13:23:36 ns0 ods-signerd: write to subp: :origin mydomaine.com
Mar 25 13:23:36 ns0 ods-signerd: write to subp: :soa_ttl 3600
Mar 25 13:23:36 ns0 ods-signerd: write to subp: :soa_minimum 3600
Mar 25 13:23:36 ns0 ods-signerd: set serial to 2014032504
Mar 25 13:23:36 ns0 ods-signerd: write to subp: :soa_serial 2014032504
Mar 25 13:23:36 ns0 ods-signerd: set nsec3 values
Mar 25 13:23:36 ns0 ods-signerd: write to subp: :nsec3_algorithm 1
Mar 25 13:23:36 ns0 ods-signerd: write to subp: :nsec3_iterations 5
Mar 25 13:23:36 ns0 ods-signerd: write to subp: :nsec3_salt 8fce702f0d05922f
Mar 25 13:23:36 ns0 ods-signerd: sign time: 20140325122336
Mar 25 13:23:36 ns0 ods-signerd: write to subp: :expiration 20140327122336
Mar 25 13:23:36 ns0 ods-signerd: write to subp: :expiration_denial 
20140327122336
Mar 25 13:23:36 ns0 ods-signerd: write to subp: :jitter 7200
Mar 25 13:23:36 ns0 ods-signerd: write to subp: :inception 20140325122236
Mar 25 13:23:36 ns0 ods-signerd: write to subp: :refresh 20140326122336
Mar 25 13:23:36 ns0 ods-signerd: write to subp: :refresh_denial 
20140326122336
Mar 25 13:23:36 ns0 ods-signerd: use signature key: 
14176499a031dd38a51f6096bf88275b
Mar 25 13:23:36 ns0 ods-signerd: write to subp: :add_ksk 
14176499a031dd38a51f6096bf88275b 7 257
Mar 25 13:23:36 ns0 ods-signerd: use signature key: 
a043a281ae9aa134a29b65e409de8cf7
Mar 25 13:23:36 ns0 ods-signerd: write to subp: :add_zsk 
a043a281ae9aa134a29b65e409de8cf7 7 256
Mar 25 13:23:36 ns0 ods-signerd: signer stderr: signer: number of 
signatures created: 0 (within a second)
Mar 25 13:23:36 ns0 ods-signerd: Created 0 new signatures
Mar 25 13:23:36 ns0 ods-signerd: Run command: 
'/usr/lib/opendnssec/opendnssec/finalizer -f 
/var/lib/opendnssec/tmp/mydomaine.com.signed -x 
/var/lib/opendnssec/tmp/mydomaine.com.optout'
Mar 25 13:23:36 ns0 ods-signerd: Running auditor on zone
Mar 25 13:23:36 ns0 ods-signerd: Run command: '/usr/bin/ods-auditor -c 
/etc/opendnssec/conf.xml -s 
/var/lib/opendnssec/tmp/mydomaine.com.finalized -z mydomaine.com'
Mar 25 13:23:36 ns0 ods-signerd: command not found: /usr/bin/ods-auditor
Mar 25 13:23:36 ns0 ods-signerd: worker 1 acquiring lock
Mar 25 13:23:36 ns0 ods-signerd: worker 1 acquired lock
Mar 25 13:23:36 ns0 ods-signerd: no task for worker 1, sleep for 
7199.81595612
Mar 25 13:23:36 ns0 ods-signerd: worker 1 released lock by going to wait 
(for ttime)

Someone idea to help me!

Best Regards,
Ramanou
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20140325/a4a78ab5/attachment.htm>

More information about the Opendnssec-user mailing list