[Opendnssec-user] opendnssec2 signing error: "unable to add rr to zone: soa record has invalid owner name" ?
PGNet Dev
pgnet.dev at gmail.com
Mon Dec 19 14:29:14 UTC 2016
On 12/19/2016 12:21 AM, Hoda Rohani wrote:
> ods 2.X now accepts this kind of format: '1W' and '3H'.
ok
> Name of zone file must match the name of zone, that was your problem.
realized that since my zone files (a) are in a chroot and (b) contain INCLUDE stmts, a compiled version was needed for opendnssec to process
    mkdir -p /svr/named/namedb/compiled
    named-compilezone \
        -t "/svr/named" \
        -f text -F text \
        -o /namedb/compiled/example.info.compiled \
        example.info /namedb/master/example.info.zone
then matching the zone name with the zonefile name
    mv /svr/named/namedb/compiled/example.info.compiled \
        /var/opendnssec/unsigned/example.info
cleaning
    /usr/local/opendnssec/sbin/ods-enforcer zone delete --all
then signing
    /usr/local/opendnssec/sbin/ods-enforcer zone add -z example.info.zone -p lab
now works
    ls -al /var/opendnssec/signed/example.info
    -rw-r--r-- 1 root root 11K Dec 19 06:14 /var/opendnssec/signed/example.info
Thanks.
Fwiw, in the OP, that the output of the enforcer command reported
    Zone example.info added successfully
when it wasn't being created, and the logs clearly contained errors is misleading. It'd be useful to have the signing step report an error at console ...
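
Added example (not part of the original post and not OpenDNSSEC code): a pre-flight shell check, run before `ods-enforcer zone add`, that the unsigned file is named after the zone, has no unexpanded $INCLUDE, and carries an SOA owner equal to the zone name. It assumes the one-record-per-line text output of named-compilezone and the /var/opendnssec/unsigned path from the post; the function name, return codes and sample records are constructed for illustration.

```shell
#!/bin/sh
# Pre-flight check of an unsigned zone file before `ods-enforcer zone add`.
# Usage: check_unsigned_zone ZONE [UNSIGNED_DIR]
# Returns 0 ok, 1 file missing, 2 unexpanded $INCLUDE, 3 SOA owner mismatch.
check_unsigned_zone() {
    zone=${1%.}                          # zone name without trailing dot
    dir=${2:-/var/opendnssec/unsigned}   # default path taken from the post
    file="$dir/$zone"

    # The unsigned file must be named exactly like the zone.
    if [ ! -f "$file" ]; then
        echo "missing $file (file name must equal zone name)" >&2
        return 1
    fi
    # A compiled zone has every $INCLUDE already expanded.
    if grep -qi '^[[:space:]]*\$INCLUDE' "$file"; then
        echo "unexpanded \$INCLUDE in $file" >&2
        return 2
    fi
    # Assumption: one record per line as "owner TTL class type rdata".
    owner=$(awk 'toupper($3)=="IN" && toupper($4)=="SOA" {print tolower($1); exit}' "$file")
    want=$(printf '%s.' "$zone" | tr '[:upper:]' '[:lower:]')
    if [ "$owner" != "$want" ]; then
        echo "SOA owner '$owner' does not match zone '$want'" >&2
        return 3
    fi
    return 0
}

# Constructed sample data (not from the post).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
soa='example.info.\t3600\tIN\tSOA\tns1.example.info. hostmaster.example.info. 1 3600 600 604800 3600\n'
printf "$soa" > "$demo/example.info"        # file name == zone == SOA owner
printf "$soa" > "$demo/example.info.zone"   # file name differs from SOA owner

check_unsigned_zone example.info "$demo" && echo "example.info: ok"
check_unsigned_zone example.info.zone "$demo" || echo "example.info.zone: rejected ($?)"
```

A non-zero return here is a console-visible failure that can gate the `zone add` step in a wrapper script.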