[Opendnssec-user] Re: OpenDNSSEC Signer TroubleS

Ramanou Biaou ramanou at netim.com
Tue Mar 25 13:46:06 UTC 2014


I could solve the problem
I missed ods-auditor
Just do apt-get install opendnssec-auditor

Ramanou
On 25/03/2014 13:30, Ramanou Biaou wrote:
> Hello!
> I have some problems with my opendnssec,
>
> Signed files are not in the directory I specified in "zonelist.xml"
>
> <ZoneList>
>         <Zone name="mydomaine.com">
>                 <Policy>test</Policy>
>                 <SignerConfiguration>/var/lib/opendnssec/signconf/mydomaine.com.xml</SignerConfiguration>
>                 <Adapters>
>                         <Input>
>                                 <File>/var/chroot/bind9/var/named/masters/b/mydomaine.com</File>
>                         </Input>
>                         <Output>
>                                 <File>/var/chroot/bind9/var/named/masters/b/mydomaine.com.signed</File>
>                         </Output>
>                 </Adapters>
>         </Zone>
> </ZoneList>
>
>
> The signed files are put in the tmp/ directory
>
> And in my log I have some information:
>
> Mar 25 13:23:35 ns0 ods-signerd: acquire cond
> Mar 25 13:23:35 ns0 ods-signerd: notify
> Mar 25 13:23:35 ns0 ods-signerd: release cond
> Mar 25 13:23:35 ns0 ods-signerd: Releasing lock on zone mydomaine.com
> Mar 25 13:23:35 ns0 ods-signerd: No output file found, seconds to 
> resign: 0
> Mar 25 13:23:35 ns0 ods-signerd: Scheduling task to sign zone 
> mydomaine.com at 1395750215.98 with resign time 7200
> Mar 25 13:23:35 ns0 ods-signerd: acquire cond
> Mar 25 13:23:35 ns0 ods-signerd: notify
> Mar 25 13:23:35 ns0 ods-signerd: release cond
> Mar 25 13:23:35 ns0 ods-signerd: Zone mydomaine.com added
> Mar 25 13:23:35 ns0 ods-signerd: additional groups: [109, 999]
> Mar 25 13:23:35 ns0 ods-signerd: Drop privileges to group opendnssec
> Mar 25 13:23:35 ns0 ods-signerd: Drop privileges to user opendnssec
> Mar 25 13:23:35 ns0 ods-signerd: opening socket: 
> /var/run/opendnssec/engine.sock
> Mar 25 13:23:35 ns0 ods-signerd: Engine running
> Mar 25 13:23:36 ns0 ods-enforcerd: opendnssec-enforcer starting...
> Mar 25 13:23:36 ns0 ods-enforcerd: opendnssec-enforcer Parent exiting...
> Mar 25 13:23:36 ns0 ods-enforcerd: opendnssec-enforcer forked OK...
> Mar 25 13:23:36 ns0 ods-enforcerd: opendnssec-enforcer started 
> (version 1.1.3), pid 28820
> Mar 25 13:23:36 ns0 ods-enforcerd: HSM opened successfully.
> Mar 25 13:23:36 ns0 ods-enforcerd: Reading config 
> "/etc/opendnssec/conf.xml"
> Mar 25 13:23:36 ns0 ods-enforcerd: Reading config schema 
> "/usr/share/opendnssec/conf.rng"
> Mar 25 13:23:36 ns0 ods-enforcerd: Communication Interval: 3600
> Mar 25 13:23:36 ns0 ods-enforcerd: No DS Submit command supplied
> Mar 25 13:23:36 ns0 ods-enforcerd: SQLite database set to: 
> /var/lib/opendnssec/db/kasp.db
> Mar 25 13:23:36 ns0 ods-enforcerd: Log User set to: local0
> Mar 25 13:23:36 ns0 ods-enforcerd: Switched log facility to: local0
> Mar 25 13:23:36 ns0 ods-enforcerd: Connecting to Database...
> Mar 25 13:23:36 ns0 ods-enforcerd: Policy test found.
> Mar 25 13:23:36 ns0 ods-enforcerd: Key sharing is Off.
> Mar 25 13:23:36 ns0 ods-enforcerd: Purging keys...
> Mar 25 13:23:36 ns0 ods-enforcerd: zonelist filename set to 
> /etc/opendnssec/zonelist.xml.
> Mar 25 13:23:36 ns0 ods-enforcerd: Zone mydomaine.com found.
> Mar 25 13:23:36 ns0 ods-enforcerd: Policy for mydomaine.com set to test.
> Mar 25 13:23:36 ns0 ods-enforcerd: Config will be output to 
> /var/lib/opendnssec/signconf/mydomaine.com.xml.
> Mar 25 13:23:36 ns0 ods-enforcerd: WARNING: KSK Retirement reached; 
> please submit the new DS for mydomaine.com and use ods-ksmutil key 
> ds-seen when the DS appears in the DNS.
> Mar 25 13:23:36 ns0 ods-enforcerd: No change to: 
> /var/lib/opendnssec/signconf/mydomaine.com.xml
> Mar 25 13:23:36 ns0 ods-enforcerd: Disconnecting from Database...
> Mar 25 13:23:36 ns0 ods-enforcerd: Sleeping for 3600 seconds.
> Mar 25 13:23:36 ns0 ods-signerd: worker 1 acquiring lock
> Mar 25 13:23:36 ns0 ods-signerd: worker 1 acquired lock
> Mar 25 13:23:36 ns0 ods-signerd: worker 1 released lock
> Mar 25 13:23:36 ns0 ods-signerd: Got task for worker 1
> Mar 25 13:23:36 ns0 ods-signerd: Worker 1 run task
> Mar 25 13:23:36 ns0 ods-signerd: Zone action to perform: 3
> Mar 25 13:23:36 ns0 ods-signerd: Run command: 
> '/usr/lib/opendnssec/opendnssec/get_serial -f 
> /var/chroot/bind9/var/named/masters/b/mydomaine.com'
> Mar 25 13:23:36 ns0 ods-signerd: worker 2 acquiring lock
> Mar 25 13:23:36 ns0 ods-signerd: worker 2 acquired lock
> Mar 25 13:23:36 ns0 ods-signerd: no task for worker 2, sleep for 0
> Mar 25 13:23:36 ns0 ods-signerd: worker 2 released lock by going to 
> wait (indef)
> Mar 25 13:23:36 ns0 ods-signerd: worker 3 acquiring lock
> Mar 25 13:23:36 ns0 ods-signerd: worker 3 acquired lock
> Mar 25 13:23:36 ns0 ods-signerd: no task for worker 3, sleep for 0
> Mar 25 13:23:36 ns0 ods-signerd: worker 3 released lock by going to 
> wait (indef)
> Mar 25 13:23:36 ns0 ods-signerd: worker 4 acquiring lock
> Mar 25 13:23:36 ns0 ods-signerd: worker 4 acquired lock
> Mar 25 13:23:36 ns0 ods-signerd: no task for worker 4, sleep for 0
> Mar 25 13:23:36 ns0 ods-signerd: worker 4 released lock by going to 
> wait (indef)
> Mar 25 13:23:36 ns0 ods-signerd: worker 5 acquiring lock
> Mar 25 13:23:36 ns0 ods-signerd: worker 5 acquired lock
> Mar 25 13:23:36 ns0 ods-signerd: no task for worker 5, sleep for 0
> Mar 25 13:23:36 ns0 ods-signerd: worker 5 released lock by going to 
> wait (indef)
> Mar 25 13:23:36 ns0 ods-signerd: worker 6 acquiring lock
> Mar 25 13:23:36 ns0 ods-signerd: worker 6 acquired lock
> Mar 25 13:23:36 ns0 ods-signerd: no task for worker 6, sleep for 0
> Mar 25 13:23:36 ns0 ods-signerd: worker 6 released lock by going to 
> wait (indef)
> Mar 25 13:23:36 ns0 ods-signerd: Preprocessing signed zone: mydomaine.com
> Mar 25 13:23:36 ns0 ods-signerd: No signed zone yet
> Mar 25 13:23:36 ns0 ods-signerd: Sorting zone: mydomaine.com
> Mar 25 13:23:36 ns0 ods-signerd: worker 7 acquiring lock
> Mar 25 13:23:36 ns0 ods-signerd: Run command: 
> '/usr/lib/opendnssec/opendnssec/quicksorter -o mydomaine.com. -f 
> /var/chroot/bind9/var/named/masters/b/mydomaine.com -w 
> /var/lib/opendnssec/tmp/mydomaine.com.sorted -m 3600 -t 3600'
> Mar 25 13:23:36 ns0 ods-signerd: worker 7 acquired lock
> Mar 25 13:23:36 ns0 ods-signerd: no task for worker 7, sleep for 0
> Mar 25 13:23:36 ns0 ods-signerd: worker 8 acquiring lock
> Mar 25 13:23:36 ns0 ods-signerd: worker 7 released lock by going to 
> wait (indef)
> Mar 25 13:23:36 ns0 ods-signerd: worker 8 acquired lock
> Mar 25 13:23:36 ns0 ods-signerd: no task for worker 8, sleep for 0
> Mar 25 13:23:36 ns0 ods-signerd: worker 8 released lock by going to 
> wait (indef)
> Mar 25 13:23:36 ns0 ods-signerd: Done sorting
> Mar 25 13:23:36 ns0 ods-signerd: Nseccing zone: mydomaine.com
> Mar 25 13:23:36 ns0 ods-signerd: No information yet for key 
> 14176499a031dd38a51f6096bf88275b
> Mar 25 13:23:36 ns0 ods-signerd: Generating DNSKEY RR for 
> 14176499a031dd38a51f6096bf88275b
> Mar 25 13:23:36 ns0 ods-signerd: Run command: 
> '/usr/lib/opendnssec/opendnssec/get_class -f 
> /var/lib/opendnssec/tmp/mydomaine.com.sorted'
> Mar 25 13:23:36 ns0 ods-signerd: create_dnskey status: 0
> Mar 25 13:23:36 ns0 ods-signerd: equality: True
> Mar 25 13:23:36 ns0 ods-signerd: Found key 
> 14176499a031dd38a51f6096bf88275b
> Mar 25 13:23:36 ns0 ods-signerd: No information yet for key 
> a043a281ae9aa134a29b65e409de8cf7
> Mar 25 13:23:36 ns0 ods-signerd: Generating DNSKEY RR for 
> a043a281ae9aa134a29b65e409de8cf7
> Mar 25 13:23:36 ns0 ods-signerd: Run command: 
> '/usr/lib/opendnssec/opendnssec/get_class -f 
> /var/lib/opendnssec/tmp/mydomaine.com.sorted'
> Mar 25 13:23:36 ns0 ods-signerd: create_dnskey status: 0
> Mar 25 13:23:36 ns0 ods-signerd: equality: True
> Mar 25 13:23:36 ns0 ods-signerd: Found key 
> a043a281ae9aa134a29b65e409de8cf7
> Mar 25 13:23:36 ns0 ods-signerd: Run command: 
> '/usr/lib/opendnssec/opendnssec/get_class -f 
> /var/lib/opendnssec/tmp/mydomaine.com.sorted'
> Mar 25 13:23:36 ns0 ods-signerd: Run command: 
> '/usr/lib/opendnssec/opendnssec/zone_reader -c 
> /etc/opendnssec/conf.xml -f 
> /var/lib/opendnssec/tmp/mydomaine.com.sorted -k 1 -o mydomaine.com -s 
> /var/lib/opendnssec/signconf/mydomaine.com.xml -w 
> /var/lib/opendnssec/tmp/mydomaine.com.nsecced -x 
> /var/lib/opendnssec/tmp/mydomaine.com.optout'
> Mar 25 13:23:36 ns0 ods-signerd: Writing file to zone_reader: 
> /var/lib/opendnssec/tmp/mydomaine.com.sorted
> Mar 25 13:23:36 ns0 ods-signerd: Done nseccing
> Mar 25 13:23:36 ns0 ods-signerd: Run command: 
> '/usr/lib/opendnssec/opendnssec/get_serial -f 
> /var/chroot/bind9/var/named/masters/b/mydomaine.com'
> Mar 25 13:23:36 ns0 ods-signerd: Run command: 
> '/usr/lib/opendnssec/opendnssec/signer -c /etc/opendnssec/conf.xml -p 
> /var/lib/opendnssec/tmp/mydomaine.com.signed -w 
> /var/lib/opendnssec/tmp/mydomaine.com.signed2 -r -l local0'
> Mar 25 13:23:36 ns0 ods-signerd: write to subp:
> Mar 25 13:23:36 ns0 ods-signerd: write to subp: :origin mydomaine.com
> Mar 25 13:23:36 ns0 ods-signerd: write to subp: :soa_ttl 3600
> Mar 25 13:23:36 ns0 ods-signerd: write to subp: :soa_minimum 3600
> Mar 25 13:23:36 ns0 ods-signerd: set serial to 2014032504
> Mar 25 13:23:36 ns0 ods-signerd: write to subp: :soa_serial 2014032504
> Mar 25 13:23:36 ns0 ods-signerd: set nsec3 values
> Mar 25 13:23:36 ns0 ods-signerd: write to subp: :nsec3_algorithm 1
> Mar 25 13:23:36 ns0 ods-signerd: write to subp: :nsec3_iterations 5
> Mar 25 13:23:36 ns0 ods-signerd: write to subp: :nsec3_salt 
> 8fce702f0d05922f
> Mar 25 13:23:36 ns0 ods-signerd: sign time: 20140325122336
> Mar 25 13:23:36 ns0 ods-signerd: write to subp: :expiration 20140327122336
> Mar 25 13:23:36 ns0 ods-signerd: write to subp: :expiration_denial 
> 20140327122336
> Mar 25 13:23:36 ns0 ods-signerd: write to subp: :jitter 7200
> Mar 25 13:23:36 ns0 ods-signerd: write to subp: :inception 20140325122236
> Mar 25 13:23:36 ns0 ods-signerd: write to subp: :refresh 20140326122336
> Mar 25 13:23:36 ns0 ods-signerd: write to subp: :refresh_denial 
> 20140326122336
> Mar 25 13:23:36 ns0 ods-signerd: use signature key: 
> 14176499a031dd38a51f6096bf88275b
> Mar 25 13:23:36 ns0 ods-signerd: write to subp: :add_ksk 
> 14176499a031dd38a51f6096bf88275b 7 257
> Mar 25 13:23:36 ns0 ods-signerd: use signature key: 
> a043a281ae9aa134a29b65e409de8cf7
> Mar 25 13:23:36 ns0 ods-signerd: write to subp: :add_zsk 
> a043a281ae9aa134a29b65e409de8cf7 7 256
> Mar 25 13:23:36 ns0 ods-signerd: signer stderr: signer: number of 
> signatures created: 0 (within a second)
> Mar 25 13:23:36 ns0 ods-signerd: Created 0 new signatures
> Mar 25 13:23:36 ns0 ods-signerd: Run command: 
> '/usr/lib/opendnssec/opendnssec/finalizer -f 
> /var/lib/opendnssec/tmp/mydomaine.com.signed -x 
> /var/lib/opendnssec/tmp/mydomaine.com.optout'
> Mar 25 13:23:36 ns0 ods-signerd: Running auditor on zone
> Mar 25 13:23:36 ns0 ods-signerd: Run command: '/usr/bin/ods-auditor -c 
> /etc/opendnssec/conf.xml -s 
> /var/lib/opendnssec/tmp/mydomaine.com.finalized -z mydomaine.com'
> Mar 25 13:23:36 ns0 ods-signerd: command not found: /usr/bin/ods-auditor
> Mar 25 13:23:36 ns0 ods-signerd: worker 1 acquiring lock
> Mar 25 13:23:36 ns0 ods-signerd: worker 1 acquired lock
> Mar 25 13:23:36 ns0 ods-signerd: no task for worker 1, sleep for 
> 7199.81595612
> Mar 25 13:23:36 ns0 ods-signerd: worker 1 released lock by going to 
> wait (for ttime)
>
> Does someone have an idea to help me?
>
> Best Regards,
> Ramanou
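
Added example, not part of the original thread or of OpenDNSSEC itself: the quoted log shows ods-signerd invoking helper programs through `Run command:` lines and stopping at `command not found: /usr/bin/ods-auditor`, which left the zone in tmp/. The shell functions below pull those lines out of a signer log and check each helper on disk; the function names are hypothetical, the embedded sample is constructed by unwrapping lines quoted above, and the syslog path in the comments is an assumption.

```shell
#!/bin/sh
# Constructed sample: log lines from this thread, unwrapped to one entry per line.
sample_log() {
cat <<'EOF'
Mar 25 13:23:36 ns0 ods-signerd: Run command: '/usr/lib/opendnssec/opendnssec/finalizer -f /var/lib/opendnssec/tmp/mydomaine.com.signed -x /var/lib/opendnssec/tmp/mydomaine.com.optout'
Mar 25 13:23:36 ns0 ods-signerd: Running auditor on zone
Mar 25 13:23:36 ns0 ods-signerd: Run command: '/usr/bin/ods-auditor -c /etc/opendnssec/conf.xml -s /var/lib/opendnssec/tmp/mydomaine.com.finalized -z mydomaine.com'
Mar 25 13:23:36 ns0 ods-signerd: command not found: /usr/bin/ods-auditor
EOF
}

# Print every path the signer reported as "command not found" (unique, one per line).
missing_from_log() {
    sed -n 's/^.*ods-signerd: command not found: \(.*\)$/\1/p' | sort -u
}

# Print the executable named in every "Run command: '...'" entry (unique).
helpers_from_log() {
    sed -n "s/^.*ods-signerd: Run command: '\([^ ']*\).*\$/\1/p" | sort -u
}

# Read helper paths on stdin; print the ones that are not executable on this host.
not_executable() {
    while IFS= read -r path; do
        [ -x "$path" ] || printf '%s\n' "$path"
    done
}

# Against a live system (log location is an assumption; the enforcer above
# switches to facility local0, so it depends on the syslog configuration):
#   grep ods-signerd /var/log/syslog | missing_from_log
#   grep ods-signerd /var/log/syslog | helpers_from_log | not_executable

# Stand-alone run on the constructed sample.
sample_log | missing_from_log
```
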
