[Opendnssec-user] Problem with OpenBSD

Pavel Korovin p at tristero.se
Wed Apr 7 14:03:21 UTC 2021

Hi François,

I'm OpenDNSSec port maintainer. I'd like to move the discussion off the
list since it's port-specific, please reply directy, you can find my
e-mail in the output of `pkg_info opendnssec | grep Maintainer`.

I need the following info:

1. Contents of /etc/opendnssec/conf.xml Please remove PIN or any other sensitive

2. Contents of /etc/softhsm2.conf

3. Output of `ls -al $tokendir`, where $tokendir is the location,
specified in directories.tokendir line of your /etc/softhsm2.conf

4. Output of `ls -al $hsmdatastore`, where $hsmdatastore is the location
specified in <Datastore> section of your /etc/opendnssec/conf.xml

Did you read /usr/local/share/doc/pkg-readmes/opendnssec?
I tried to make it comprehensive enough to get started.

With best regards,
Pavel Korovin

On 04/06, François RONVAUX via Opendnssec-user wrote:
> Hello,
> My server runs OpenBSD v6.8 with the softwares from the official OpenBSD
> packages repositories :  OpenDNSSEC v 2.1.6.p0 and SoftHSM2 v2.6.1p0.
> I follow this guide (that is not very old) :
> https://toutetrien.lithio.fr/article/signer-sa-zone-dns-avec-opendnssec
> When I lauch the service with "rcctl start opendnssec", I get this in the
> log...

> ods-enforcerd: [engine] fail to start enforcerd completely
> ods-enforcerd: setup failed: HSM error
> ods-enforcerd: [engine] enforcer shutdown
> ods-enforcerd: [engine] enforcerd (pid: 92618) stopped with exitcode 3

More information about the Opendnssec-user mailing list