[Opendnssec-user] opendnssec2 signing error: "unable to add rr to zone: soa record has invalid owner name" ?

PGNet Dev pgnet.dev at gmail.com
Mon Dec 19 14:29:14 UTC 2016

On 12/19/2016 12:21 AM, Hoda Rohani wrote:
> ods 2.X now accepts these kind of format: '1W' and '3H'.


> Name of zone file must match the name of zone, that was your problem.

realized that since my zone files  (a) are in a chroot and (b) contain INCLUDE stmts, that a compiled version was needed for opendnssec to process

	mkdir -p /svr/named/namedb/compiled
	named-compilezone \
	-t "/svr/named" \
	-f text -F text \
	-o /namedb/compiled/example.info.compiled \
	example.info /namedb/master/example.info.zone

then matching the zone name with the zonefile name

	mv /svr/named/namedb/compiled/example.info.compiled


	/usr/local/opendnssec/sbin/ods-enforcer zone delete --all

then signing

	/usr/local/opendnssec/sbin/ods-enforcer zone add -z example.info.zone -p lab

now works

	ls -al /var/opendnssec/signed/example.info
		-rw-r--r-- 1 root root 11K Dec 19 06:14 /var/opendnssec/signed/example.info


Fwiw, in the OP, that the output of the enforcer command reported

	Zone example.info added successfully

when it wasn't being created, and the logs clearly contained errors is misleading.  It'd be useful to have the signing step report an error at console ...

More information about the Opendnssec-user mailing list