[Opendnssec-user] ODS 2.0.1 did not start after reboot.

Berry A.W. van Halderen berry at nlnetlabs.nl
Tue Aug 30 08:02:44 UTC 2016

I'm resending the message because it may have been missed by people
on the user list as it was the subject contained the word spam.
Unfortunately the original message was marked as spam because of
high rating in bad To: address.


On 08/30/2016 09:59 AM, Berry A.W. van Halderen wrote:
> Thanks for your feedback, good to see 2.0.1 in the real world!
> Unfortunately, this is specific to how some Linux distributions work,
> and it is not easy to create a consistent fix for it.
> The best way is for package providers for the distributions should
> create a fix in their system.
> The problem lies in the fact that some distributions regard /var/run to
> be completely volatile.  Any content in this directory is removed on a
> reboot.
> Now OpenDNSSEC uses multiple files that should go into /var/run.
> Multiple files containing PIDs and sockets.  It is not uncommon to
> want to bundle them into a directory below /var/run.
> Now you could say just create the directory if it does not exist.
> However here the trouble starts.  The directory is not always writable
> for any other user.  And if you do not start the daemon as root,
> the directory cannot be created.  Giving a bad user experience to
> others.  More over, since this directory can also be located elsewhere
> we cannot assume at all to have write permissions to create the
> directory.
> What normally happens, is that package providers for such distributions
> either make an exception for /var/run/opendnssec to not be removed, or
> add the sequence to create the directory after a reboot.
> We however cannot make such a patch to the system ourselved, afaik.
> It is also possible for you to locate the /var/run/opendnssec directory
> elsewhere.  It is part of the standard options of the autoconf when
> compiling.
> With kind regards,
> Berry van Halderen
> PS: a better warning concerning this problem during reboot should be
> outputted by OpenDNSSEC.  That is very much true.

More information about the Opendnssec-user mailing list