[Opendnssec-user] OpenDNSSEC signer engine: Crashes on OpenBSD with: Bus error in ldns_rr_clone

Robb rlp at tson.de
Mon Sep 21 19:41:23 UTC 2020 

Hi All,

I recreated my dnssec/opendnssec configuration from scratch (as far as I can
tell, I used "ods-enforcer-db-setup" as described under "clear all state and
start over").

However after restarting I still see the same issue that I described in
August i.e. the ods-signerd crashes on startup (see below).

I would be grateful for any suggestions how to proceed. Is there any
additional debugging info. which I could collect that might help with
analysis of the problem?

Anybody out there actually using Opendnssec on OpenBSD?

Thanks in advance.

Yours,
Robb.


On 27 Aug, Robb wrote:
> ...
> I am attempting to setup secure DNS on an OpenBSD 6.7 system using NSD,
> Unbound and Opendnssec.
> 
> I seem to have arrived at a point where the ods-signerd daemon crashes on
> startup i.e.
> > # ods-signerd -dv
> > OpenDNSSEC signer engine version 2.1.6
> > Bus error in ldns_rr_clone
> > Threaddump
> > Threaddump
> > Threaddump
> > Threaddump
> > Threaddump
> > Threaddump
> > Threaddump
> > Threaddump
> > Threaddump
> > Threaddump
> > Bus error
> 
> AFAICT no core file is dumped/written, so I can't give you a stacktrace or
> other useful info.
> 
> Also, another related issue. The RC script to manage Opendnssec reports a
> status of OK even after ods-signerd has crashed i.e.
> > # rcctl check opendnssec
> > opendnssec(ok)
> 
> I only realised the issue because of this "hint" in the syslog.daemon file:
> > ... ods-signerd: [util] pidfile /var/run/opendnssec/signerd.pid already exists, but no process with pid 60272 is running. A previous instance didn't shutdown cleanly, this pidfile is stale.
> 
> In the meantime it seems to have stopped logging even that message. I assume
> I have made some configuration error and that that is what is triggering the
> crash. I am open to helpful suggestions about what might be wrong, however
> at this point I will probably reinitialise the configuration and try
> starting again, from scratch.
> 
> I have a couple of other error that get logged, I don't know if they might
> somehow be related ...
> 
> 1. At startup NSD logs this, but then seems to carry on and function
> normally, at least to judge by the log messages.
> > ... nsd[84130]: zonefile /var/opendnssec/signed/xxx.de does not exist
> That file does exist and is readable by _nsd (the associated username).
> 
> 2. I am also unsure what this might mean:
> > ... ods-enforcerd: [signconf_cmd] unable to notify signer of signconf changes for zone xxx.de!
> 
> Thanks in advance!
> ...

More information about the Opendnssec-user mailing list