[Opendnssec-user] CRITICAL: failed to sign zone

Andrew Ivanov ivanov at data1.co
Fri Aug 16 14:36:30 UTC 2019


On Fri, Aug 16, 2019 at 03:13:45PM +0200, Ulrich-Lorenz Schl??ter wrote:
> Hello list
> 
> I just set up
> opendnssec version 1.4.14 and softhsm version 2.5.0
> 
> Aug 16 14:52:03 one ods-signerd[4293]: [xfrd] zone schlueter.family
> request axfr to 127.0.0.1
> Aug 16 14:52:03 one ods-signerd[4293]: [xfrd] zone sycosys.de request
> axfr to 127.0.0.1
> Aug 16 14:52:03 one ods-signerd[4293]: [xfrd] zone schlueter.family
> transfer done [notify acquired 0, serial on disk 1565763800, notify
> serial 0]
> Aug 16 14:52:03 one ods-signerd[4293]: [xfrd] zone sycosys.de transfer
> done [notify acquired 0, serial on disk 1565763800, notify serial 0]
> Aug 16 14:52:03 one ods-signerd[4293]: [worker[1]] continue task
> [configure] for zone sycosys.de
> Aug 16 14:52:03 one ods-signerd[4293]: [worker[2]] continue task
> [configure] for zone schlueter.family
> Aug 16 14:52:03 one ods-signerd[4293]: [worker[1]] CRITICAL: failed to
> sign zone sycosys.de: General error
> Aug 16 14:52:03 one ods-signerd[4293]: [worker[1]] backoff task
> [configure] for zone sycosys.de with 60 seconds
> Aug 16 14:52:03 one ods-signerd[4293]: [worker[2]] CRITICAL: failed to
> sign zone schlueter.family: General error
> Aug 16 14:52:03 one ods-signerd[4293]: [worker[2]] backoff task
> [configure] for zone schlueter.family with 60 seconds
> Aug 16 14:52:03 one ods-signerd[4293]: [query] ignore notify from
> 127.0.0.1: already got zone schlueter.family serial 1565763800 on disk
> (received 1565763800)
> Aug 16 14:53:03 one ods-signerd[4293]: [worker[2]] CRITICAL: failed to
> sign zone schlueter.family: General error
> Aug 16 14:53:03 one ods-signerd[4293]: [worker[1]] CRITICAL: failed to
> sign zone sycosys.de: General error
> Aug 16 14:53:03 one ods-signerd[4293]: [worker[2]] backoff task
> [configure] for zone schlueter.family with 120 seconds
> Aug 16 14:53:03 one ods-signerd[4293]: [worker[1]] backoff task
> [configure] for zone sycosys.de with 120 seconds
> 
> What should I investigate and do first?

Hi. 

You should change opendnssec logging level.

for example, in conf.xml:

<Logging>
 <Verbosity>7</Verbosity>
 <Syslog><Facility>local0</Facility></Syslog>
</Logging>

and in syslog.conf:

local0.*                                        /var/log/opendnssec.log

Then restart syslogd, restart engine and check /var/log/opendnssec.log for more 
information about the problem.

Regards,
Andrew Ivanov

> 
> Thanks & regards
> Uli
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user



More information about the Opendnssec-user mailing list