I wanted to sign my reverse classless delegation. This is a delegation
for 64/25.157.10.76.in-addr.arpa.
I expected this to break, but it got a little further then I expected :)
Mar 14 16:15:49 nohats ods-enforcerd: Config will be output to
/var/opendnssec/signconf/64/25.157.10.76.in-addr.arpa.xml.
Mar 14 16:15:49 nohats ods-enforcerd: Could not open:
/var/opendnssec/signconf/64/25.157.10.76.in-addr.arpa.xml.tmp
Creating that directory just to help it showed the problem a little
further:
Mar 14 16:26:20 nohats ods-signerd: [tools] unable to copy zone input file
64/25.157.10.76.in-addr.arpa: Unable to open file
So fixed all entries in zonelist.xml to use "-" instead of "/". I ran
ods-ksmutil update all. And still noticed it trying to grab stuff from
64/ so I also stopped it and emptied the tmp directory.
Double checking, I have:
<Zone name="64/25.157.10.76.in-addr.arpa">
<Policy>default</Policy>
<SignerConfiguration>/var/opendnssec/signconf/64-25.157.10.76.in-addr.arpa.xml</SignerConfiguration>
<Adapters>
<Input>
<File>/etc/nsd/64-25.157.10.76.in-addr.arpa</File>
</Input>
<Output>
<File>/var/opendnssec/signed/64-25.157.10.76.in-addr.arpa</File>
</Output>
</Adapters>
</Zone>
but still see:
Mar 14 16:31:22 nohats ods-signerd: [tools] unable to copy zone input file
64/25.157.10.76.in-addr.arpa: Unable to open file
There must be some internal name use happening that is based on zone
name and not on input file name.
(See further http://www.ietf.org/rfc/rfc2317.txt)
Paul
_______________________________________________
Opendnssec-user mailing list
Opendnssec-user@lists.opendnssec.org
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
