[Opendnssec-user] ods-signer -- missing robustness?
Havard Eidnes
he at uninett.no
Tue Mar 31 17:17:20 UTC 2015
Hi,
due to a local power issue, my OpenDNSSEC host had an unclean shutdown
today. This may have caused some temporary files' content either to
be corrupted or become empty, although the FS I run on is supposed to
maintain "metadata integrity", and I didn't find any empty "tmp" files
in OpenDNSSEC's tmp/ directory.
However, when the host came back up, the OpenDNSSEC signer refused to
play ball and logged:
Mar 31 19:02:06 sss ods-signerd: [backup] bad ixfr journal: trailing RRs after final SOA
Mar 31 19:02:06 sss ods-signerd: [backup] bad ixfr journal: trailing RRs after final SOA
Mar 31 19:02:21 sss ods-signerd: signer/ixfr.c:230: part_print: assertion part->soamin failed
and then exited. If IXFR for some reason fails (such as corrupted
IXFR state), I would have thought it would be better to abandon the
IXFR state and revert to AXFR, instead of crashing?
The other slightly annoying thing is that none of the error messages
give any hint as to which zone this concerns.
I ended up renaming away the /var/opendnssec/tmp directory (the files
it complained about are there still) and I restarted opendnssec, which
appears to have broght back normalcy.
Regards,
- Håvard
More information about the Opendnssec-user
mailing list