[Opendnssec-user] CRITICAL: failed to sign zone example.com: General error
Michael Grimm
trashcan at ellael.org
Wed Jan 18 18:53:23 UTC 2017
PGNet Dev <pgnet.dev at gmail.com> wrote:
> I've seen this before
>
>> Jan 18 17:11:26 dns2 ods-signerd: [file] open file file=/usr/local/var/opendnssec/signconf/example.com.xml mode=reading
>> Jan 18 17:11:26 dns2 ods-signerd: [file] unable to open file /usr/local/var/opendnssec/signconf/example.com.xml for reading: No such file or directory
>
> albeit with ods 2.1x ... here, it was perms.
>
> Do user/group shown in
>
> ps aux | grep ods
>
> match perms on
>
> /usr/local/var/opendnssec/signconf
> /usr/local/var/opendnssec/signconf/example.com.xml
>
> ?
ods-signerd/enforcerd both run uid root; permissions of directories in /usr/local/var/opendnssec are opendnssec:opendnssec, though.
BUT: /usr/local/var/opendnssec/signconf/example.com.xml is missing because I cleaned that directory on purpose in order to recover from my issue. If I am not mistaken are those files in /usr/local/var/opendnssec/signconf rebuild after restarting opendnssec's deamons. My issue is that ods-enforcerd isn't able to allocate a ZSK although such a key is available in HSM:
Jan 18 07:10:13 dns2 ods-enforcerd: Error allocating zsks to zone example.com
Jan 18 07:11:26 dns2 ods-signerd: [worker[3]] CRITICAL: failed to sign zone example.com: General error
Regards,
Michael
More information about the Opendnssec-user
mailing list