[Opendnssec-user] zones with TLSA records need to: ods-signerd: [tools] unable to read zone

Matthijs Mekking matthijs at pletterpet.nl
Sun Apr 26 10:44:20 UTC 2015


Hi Michael,

OpenDNSSEC makes use of ldns for reading the resource records. Which
version of ldns is installed on your system and does that one already
support TLSA?

Best regards,
  Matthijs

On 25-04-15 16:55, Michael Grimm wrote:
> Hi —
> 
> This is with opendnssec 1.4.7 and nsd 4.1.2 in a FBSD10-STABLE jail.
> 
> I recently noticed, after trying to modify one of my zones, that some of my zones fail zone transfers (one example):
> 
> 	ods-signerd: [signconf] zone MY.TLD signconf: RESIGN[PT7200S] REFRESH[PT259200S] \
> 		VALIDITY[PT1209600S] DENIAL[PT1209600S] JITTER[PT43200S] OFFSET[PT3600S] NSEC[50] \
> 		DNSKEYTTL[PT3600S] SOATTL[PT3600S] MINIMUM[PT3600S] SERIAL[datecounter]
> 	ods-signerd: [tools] unable to read zone MY.TLD: adapter failed (Incoming zone transfer not ready)
> 
> Clearing /usr/local/var/opendnssec/tmp and restarting opendnssec didn't work, though.
> 
> All failing zones do have TLSA records in contrast to those zones transferring well. Thus I did remove those TLSA records for testing, and yes, now zone transfers work without any issue.
> 
> Questions:
> 
> 1) Known issue?
> 2) Someone else observing this?
> 3) Is nsd to blame? (There has been an upgrade from 4.1.1 in February and opendnssec is from Dec 2014)
> 4) Will key rollovers work before having that issue solved? (my ZSK are due to roll over in a couple of days)
> 5) What else should I try in order to debug this issue?
> 
> Regards and thanks in advance,
> Michael