[Opendnssec-user] Removing a zone-less key?
Berry van Halderen
berry at nlnetlabs.nl
Wed Aug 21 13:45:55 UTC 2024
On 2024-08-16 17:16, Havard Eidnes via Opendnssec-user wrote:
>
> For some reason or other, "ods-enforcer key list -v" has started
> showing this particular key:
>
> (null) KSK unknown now
> 2048 13 43ff9e6e2c011cd6165f25aa7ac6db83 SoftHSM
> 45696
>
> It appears that the presence of this key makes "ods-enforcer key
> list -z <any-zone>" crash ods-enforcerd with a SEGV, because in
> perform_keystate_list() it doesn't check the return value of
> key_data_get_zone() (which has several return paths which return
> NULL) and consequently ends up calling zone_db_name() with a NULL
> argument (which returns NULL), and using that as the first
> argument to strcmp(), with predictable results.
>
> The question is: how do I convince OpenDNSSEC that it should
> forget about this key?
Hi Havard,
This is a very peculiar one. Data corruption in OpenDNSSEC isn't
something one experiences, but this is one. I'm very much wondering
how this came to bear. Had you a crash that caused this one or something?
This is an orphaned key, but still attached to a zone, just that the
zone is gone. So I can only see this happening when a zone deletion had
a very strange thing going on.
You probably can't find the cause back, so I'll contact you by e-mail
how to resolve this. As keys have some connections to zones that also
need cleaning, and this isn't something for the list. There's no way a
normal command line will resolve this and some DB queries are needed.
With kind regards,
\Berry
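
The crash path described in the quoted message (a failed zone lookup whose NULL result reaches strcmp()) next to a NULL-safe zone filter, as an added example that is not part of the original thread and is not OpenDNSSEC code. The types and functions are simplified hypothetical stand-ins for the enforcer's key and zone records, and the key locators and zone names are constructed sample data.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins for key and zone records; not OpenDNSSEC's real types. */
struct zone { const char *name; };
struct key  { const char *locator; const struct zone *zone; };

/* Models a zone lookup that can fail: an orphaned key has no zone record. */
static const struct zone *key_zone(const struct key *k) { return k ? k->zone : NULL; }
/* Models a name accessor that hands a NULL zone back as a NULL name. */
static const char *zone_name(const struct zone *z) { return z ? z->name : NULL; }

/* NULL-safe match. The unsafe form is strcmp(zone_name(key_zone(k)), filter),
 * which dereferences NULL for an orphaned key. */
static int key_in_zone(const struct key *k, const char *filter)
{
    const char *name = zone_name(key_zone(k));
    if (name == NULL || filter == NULL)
        return 0;               /* a key with no zone matches no filter */
    return strcmp(name, filter) == 0;
}

/* Counts keys in the filtered zone; orphans are reported and counted, not compared. */
static size_t list_keys(const struct key *keys, size_t n, const char *filter, size_t *orphans)
{
    size_t matched = 0;
    *orphans = 0;
    for (size_t i = 0; i < n; i++) {
        if (key_zone(&keys[i]) == NULL) {
            (*orphans)++;
            fprintf(stderr, "warning: key %s has no zone, skipping\n", keys[i].locator);
            continue;
        }
        if (key_in_zone(&keys[i], filter))
            matched++;
    }
    return matched;
}

/* Constructed sample data: the second key is orphaned. */
static const struct zone Z1 = { "example.com" }, Z2 = { "example.net" };
static const struct key SAMPLE[] = {
    { "aaaa", &Z1 }, { "bbbb", NULL }, { "cccc", &Z2 }, { "dddd", &Z1 } };

int main(void)
{
    size_t orphans, n = list_keys(SAMPLE, 4, "example.com", &orphans);
    printf("%zu matching, %zu orphaned\n", n, orphans);
    return 0;
}
```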