[Opendnssec-user] Opendnssec-user Digest, Vol 109, Issue 3

Abdulkareem H. Ali kareem.ali at centralnic.com
Wed Aug 8 13:20:27 UTC 2018

Hi Maurice,

We have the same issue. My setup is ODS 1.4.12 with ThalesHSM as a backend, on CentOS 7 systems. 

The issue started for us when we migrated from SoftHSM to ThalesHSM. Not sure if the issue happens cause we're not using SoftHSM or if it is related to ThalesHSM software it self.

Since then I've been pregenerating keys to avoid it causing problems.

If a fix would be found, that would be great. Our logs shows the exact same error that you see.


P.S. I've just subscribed to this list, so, sorry if this email comes in incorrect format cause I manually started the reply.

>Message: 1
>Date: Tue, 7 Aug 2018 16:07:51 +0200
>From: Maurice Mahieu <maurice at info.nl>
>To: opendnssec-user at lists.opendnssec.org
>Subject: [Opendnssec-user] signer daemon bug
>Message-ID: <2cfb1950-2d4d-bc20-243c-ac897fbde6e1 at info.nl>
>Content-Type: text/plain; charset="utf-8"; Format="flowed"
>It seems Like I have a bug on opendnssec-1.4.13-1.el7.x86_64.
>Sometimes a zone sign fails and the next message appears in the log.
>Aug? 7 14:09:04 ns04 ods-signerd: [hsm] C_GetAttributeValue: 
>Aug? 7 14:09:04 ns04 ods-signerd: [hsm] unable to get key: hsm failed to 
>create dnskey
>Aug? 7 14:09:04 ns04 ods-signerd: [zone] unable to publish dnskeys for 
>zone $zone : error creating dnskey
>Aug? 7 14:09:04 ns04 ods-signerd: [tools] unable to read zone $zone: 
>failed to publish dnskeys (General error)
>Aug? 7 14:09:04 ns04 ods-signerd: [worker[2]] CRITICAL: failed to sign 
>zone $zone : General error
>Aug? 7 14:09:04 ns04 ods-signerd: [worker[2]] backoff task [read] for 
>zone $zone? with 3600 seconds
>After a restart of ods-signerd the problem disappears.
>Does anybody experience the same behavoir ?

Abdulkareem H. Ali
Operations Team Leader
CentralNic Group PLC
London Stock Exchange Symbol: CNIC

+44 20 3388 0600

CentralNic Group PLC is a company registered in England and Wales with
company number 8576358. Registered Offices: 35-39 Moorgate, London, EC2R

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20180808/f5780cd5/attachment.htm>

More information about the Opendnssec-user mailing list