[Opendnssec-user] (was: logging)
Randy Bush
randy at psg.com
Tue Sep 22 01:02:10 UTC 2020

sorry for the long saga

i was just trying to fix logging to syslog and beating my head against
the bricks. so i decided to back off, reinstall latest opendnssec and
softhsm2

rip.psg.com:# softhsm2-util --version
2.6.1
rip.psg.com:# ods-hsmutil -V
ods-hsmutil (opendnssec) version 2.1.6

softhsm2 build from source on github ok, and `make check` looks fine

PASS: p11test
============================================================================
Testsuite summary for SoftHSM 2.6.1
============================================================================
# TOTAL: 1
# PASS: 1
# SKIP: 0
# XFAIL: 0
# FAIL: 0
# XPASS: 0
# ERROR: 0
============================================================================

opendnssec from github will not `./configure`

checking for MHD_start_daemon... no
checking for MHD_start_daemon in -lmicrohttpd... no
configure: error: No libmicrohttpd found

but it is there

rip.psg.com:# pkg install libmicrohttpd
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The most recent versions of packages are already installed

so what the heck, i installed opendnssec binary from freebsd packaged
ports

then i try `service opensndsec start` and it logs (in /var/log/messages)

Sep 22 00:37:46 rip p11test[87307]: SoftHSM.cpp(12412): pSourceData must be NULL
Sep 22 00:37:46 rip syslogd: last message repeated 1 times
Sep 22 00:37:46 rip p11test[87307]: SoftHSM.cpp(12417): ulSourceDataLen must be 0
Sep 22 00:37:46 rip p11test[87307]: SoftHSM.cpp(424): SoftHSM is already initialized
Sep 22 00:37:46 rip p11test[87308]: SoftHSM.cpp(424): SoftHSM is already initialized
Sep 22 00:37:46 rip p11test[87307]: SoftHSM.cpp(424): SoftHSM is already initialized
Sep 22 00:37:46 rip p11test[87308]: SoftHSM.cpp(424): SoftHSM is already initialized
Sep 22 00:37:52 rip sshd[87364]: Connection closed by 198.180.150.1 port 33930 [preauth]
Sep 22 00:39:46 rip sshd[87366]: Received disconnect from 222.186.42.213 port 49074:11: [preauth]
Sep 22 00:39:46 rip sshd[87366]: Disconnected from 222.186.42.213 port 49074 [preauth]
Sep 22 00:42:21 rip ods-enforcerd[87403]: [enforcer] updateZone Ready for transition but key material not backed up yet (828ffdc5e29abf35fd7fe80f2a084f74)
Sep 22 00:42:21 rip ods-enforcerd[87403]: [enforcer] updateZone Ready for transition but key material not backed up yet (b59053fb3c7d8a44398dc41a75d14752)
Sep 22 00:42:21 rip ods-enforcerd[87403]: [enforcer] updateZone Ready for transition but key material not backed up yet (30bbc11085a0f77f0b55a38014926e5c)
Sep 22 00:42:21 rip ods-enforcerd[87403]: [enforcer] updateZone Ready for transition but key material not backed up yet (86f107d6113605d7f09dc9747809332b)
Sep 22 00:42:21 rip ods-enforcerd[87403]: [enforcer] updateZone Ready for transition but key material not backed up yet (d9b17ff1c8c52f8b21978097c69ca93e)
Sep 22 00:42:21 rip ods-enforcerd[87403]: [enforcer] updateZone Ready for transition but key material not backed up yet (5b5ac7ce18f5d7e30f3520ee8bbfa840)
...
Sep 22 00:42:22 rip ods-signerd[87409]: [hsm] unable to get key: key 7b90031343fd902d993026f8ee7c7185 not found
Sep 22 00:42:22 rip ods-signerd[87409]: [hsm] hsm_get_dnskey(): Got NULL key
Sep 22 00:42:22 rip ods-signerd[87409]: [hsm] unable to get key: hsm failed to create dnskey
Sep 22 00:42:22 rip ods-signerd[87409]: [zone] unable to publish dnskeys for zone 0.0.0.0.b.e.d.0.1.0.0.2.ip6.arpa: error creating dnskey
Sep 22 00:42:22 rip ods-signerd[87409]: [tools] unable to read zone 0.0.0.0.b.e.d.0.1.0.0.2.ip6.arpa: failed to publish dnskeys (General error)
Sep 22 00:42:22 rip ods-signerd[87409]: CRITICAL: failed to sign zone 0.0.0.0.b.e.d.0.1.0.0.2.ip6.arpa: General error

so i google around and find

rip.psg.com:# ods-ksmutil backup prepare
-bash: ods-ksmutil: command not found
rip.psg.com:# find / -name ods-ksmutil
rip.psg.com:#

so i guess that was v1

where the heck do i go from here. i had a working opendnssec, wanted to
fix logging, and now ...

randy