Hi Rick, there is no output from the signer at all, just from the enforcer:
Dec 10 06:57:18 a ods-enforcerd: HSM connection open. Dec 10 06:57:18 a ods-enforcerd: Reading config "/etc/opendnssec/conf.xml" Dec 10 06:57:18 a ods-enforcerd: Reading config schema "/usr/share/opendnssec/conf.rng" Dec 10 06:57:18 a ods-enforcerd: Communication Interval: 3600 Dec 10 06:57:18 a ods-enforcerd: Using command: /usr/local/bin/update-dnskey.sh to submit DS records Dec 10 06:57:18 a ods-enforcerd: SQLite database set to: /var/lib/opendnssec/kasp.db Dec 10 06:57:18 a ods-enforcerd: Log User set to: local0 Dec 10 06:57:18 a ods-enforcerd: Switched log facility to: local0 Dec 10 06:57:18 a ods-enforcerd: Connecting to Database... Dec 10 06:57:18 a ods-enforcerd: Policy default found. Dec 10 06:57:18 a ods-enforcerd: Key sharing is Off. Dec 10 06:57:18 a ods-enforcerd: Purging keys... Dec 10 06:57:18 a ods-enforcerd: Policy lab found. Dec 10 06:57:18 a ods-enforcerd: Key sharing is Off. Dec 10 06:57:18 a ods-enforcerd: No zones on policy lab, skipping... Dec 10 06:57:18 a ods-enforcerd: Purging keys... Dec 10 06:57:18 a ods-enforcerd: zonelist filename set to /etc/opendnssec/zonelist.xml. Dec 10 06:57:18 a ods-enforcerd: Zone dnssec.cc found. Dec 10 06:57:18 a ods-enforcerd: Policy for dnssec.cc set to default. Dec 10 06:57:18 a ods-enforcerd: Policy default found in DB. Dec 10 06:57:18 a ods-enforcerd: Config will be output to /var/lib/opendnssec/signconf/dnssec.cc.xml. Dec 10 06:57:18 a ods-enforcerd: No change to: /var/lib/opendnssec/signconf/dnssec.cc.xml Dec 10 06:57:18 a ods-enforcerd: Disconnecting from Database... Dec 10 06:57:18 a ods-enforcerd: Sleeping for 3600 seconds. Dec 10 07:57:18 a ods-enforcerd: HSM connection open. Dec 10 07:57:18 a ods-enforcerd: Reading config "/etc/opendnssec/conf.xml" Dec 10 07:57:18 a ods-enforcerd: Reading config schema "/usr/share/opendnssec/conf.rng" Dec 10 07:57:18 a ods-enforcerd: Communication Interval: 3600 Dec 10 07:57:18 a ods-enforcerd: Using command: /usr/local/bin/update-dnskey.sh to submit DS records Dec 10 07:57:18 a ods-enforcerd: SQLite database set to: /var/lib/opendnssec/kasp.db Dec 10 07:57:18 a ods-enforcerd: Log User set to: local0 Dec 10 07:57:18 a ods-enforcerd: Switched log facility to: local0 Dec 10 07:57:18 a ods-enforcerd: Connecting to Database... Dec 10 07:57:18 a ods-enforcerd: Policy default found. Dec 10 07:57:18 a ods-enforcerd: Key sharing is Off. Dec 10 07:57:18 a ods-enforcerd: Purging keys... Dec 10 07:57:18 a ods-enforcerd: Policy lab found. Dec 10 07:57:18 a ods-enforcerd: Key sharing is Off. Dec 10 07:57:18 a ods-enforcerd: No zones on policy lab, skipping... Dec 10 07:57:18 a ods-enforcerd: Purging keys... Dec 10 07:57:18 a ods-enforcerd: zonelist filename set to /etc/opendnssec/zonelist.xml. Dec 10 07:57:18 a ods-enforcerd: Zone dnssec.cc found. Dec 10 07:57:18 a ods-enforcerd: Policy for dnssec.cc set to default. Dec 10 07:57:18 a ods-enforcerd: Policy default found in DB. Dec 10 07:57:18 a ods-enforcerd: Config will be output to /var/lib/opendnssec/signconf/dnssec.cc.xml. Dec 10 07:57:19 a ods-enforcerd: No change to: /var/lib/opendnssec/signconf/dnssec.cc.xml Dec 10 07:57:19 a ods-enforcerd: Disconnecting from Database... Dec 10 07:57:19 a ods-enforcerd: Sleeping for 3600 seconds. Dec 10 08:57:19 a ods-enforcerd: HSM connection open. Dec 10 08:57:19 a ods-enforcerd: Reading config "/etc/opendnssec/conf.xml" Dec 10 08:57:19 a ods-enforcerd: Reading config schema "/usr/share/opendnssec/conf.rng" Dec 10 08:57:19 a ods-enforcerd: Communication Interval: 3600 Dec 10 08:57:19 a ods-enforcerd: Using command: /usr/local/bin/update-dnskey.sh to submit DS records Dec 10 08:57:19 a ods-enforcerd: SQLite database set to: /var/lib/opendnssec/kasp.db Dec 10 08:57:19 a ods-enforcerd: Log User set to: local0 Dec 10 08:57:19 a ods-enforcerd: Switched log facility to: local0 Dec 10 08:57:19 a ods-enforcerd: Connecting to Database... Dec 10 08:57:19 a ods-enforcerd: Policy default found. Dec 10 08:57:19 a ods-enforcerd: Key sharing is Off. Dec 10 08:57:19 a ods-enforcerd: Purging keys... Dec 10 08:57:19 a ods-enforcerd: Policy lab found. Dec 10 08:57:19 a ods-enforcerd: Key sharing is Off. Dec 10 08:57:19 a ods-enforcerd: No zones on policy lab, skipping... Dec 10 08:57:19 a ods-enforcerd: Purging keys... Dec 10 08:57:19 a ods-enforcerd: zonelist filename set to /etc/opendnssec/zonelist.xml. Dec 10 08:57:19 a ods-enforcerd: Zone dnssec.cc found. Dec 10 08:57:19 a ods-enforcerd: Policy for dnssec.cc set to default. Dec 10 08:57:19 a ods-enforcerd: Policy default found in DB. Dec 10 08:57:19 a ods-enforcerd: Config will be output to /var/lib/opendnssec/signconf/dnssec.cc.xml. Dec 10 08:57:19 a ods-enforcerd: No change to: /var/lib/opendnssec/signconf/dnssec.cc.xml Dec 10 08:57:19 a ods-enforcerd: Disconnecting from Database... Dec 10 08:57:19 a ods-enforcerd: Sleeping for 3600 seconds. Dec 10 09:57:19 a ods-enforcerd: HSM connection open. Dec 10 09:57:19 a ods-enforcerd: Reading config "/etc/opendnssec/conf.xml" Dec 10 09:57:19 a ods-enforcerd: Reading config schema "/usr/share/opendnssec/conf.rng" Dec 10 09:57:19 a ods-enforcerd: Communication Interval: 3600 Dec 10 09:57:19 a ods-enforcerd: Using command: /usr/local/bin/update-dnskey.sh to submit DS records Dec 10 09:57:19 a ods-enforcerd: SQLite database set to: /var/lib/opendnssec/kasp.db Dec 10 09:57:19 a ods-enforcerd: Log User set to: local0 Dec 10 09:57:19 a ods-enforcerd: Switched log facility to: local0 Dec 10 09:57:19 a ods-enforcerd: Connecting to Database... Dec 10 09:57:19 a ods-enforcerd: Policy default found. Dec 10 09:57:19 a ods-enforcerd: Key sharing is Off. Dec 10 09:57:19 a ods-enforcerd: Purging keys... Dec 10 09:57:19 a ods-enforcerd: Policy lab found. Dec 10 09:57:19 a ods-enforcerd: Key sharing is Off. Dec 10 09:57:19 a ods-enforcerd: No zones on policy lab, skipping... Dec 10 09:57:19 a ods-enforcerd: Purging keys... Dec 10 09:57:19 a ods-enforcerd: zonelist filename set to /etc/opendnssec/zonelist.xml. Dec 10 09:57:19 a ods-enforcerd: Zone dnssec.cc found. Dec 10 09:57:19 a ods-enforcerd: Policy for dnssec.cc set to default. Dec 10 09:57:19 a ods-enforcerd: Policy default found in DB. Dec 10 09:57:19 a ods-enforcerd: Config will be output to /var/lib/opendnssec/signconf/dnssec.cc.xml. Dec 10 09:57:19 a ods-enforcerd: No change to: /var/lib/opendnssec/signconf/dnssec.cc.xml Dec 10 09:57:19 a ods-enforcerd: Disconnecting from Database... Dec 10 09:57:19 a ods-enforcerd: Sleeping for 3600 seconds. Dec 10 10:57:19 a ods-enforcerd: HSM connection open. Dec 10 10:57:19 a ods-enforcerd: Reading config "/etc/opendnssec/conf.xml" Dec 10 10:57:19 a ods-enforcerd: Reading config schema "/usr/share/opendnssec/conf.rng" Dec 10 10:57:19 a ods-enforcerd: Communication Interval: 3600 Dec 10 10:57:19 a ods-enforcerd: Using command: /usr/local/bin/update-dnskey.sh to submit DS records Dec 10 10:57:19 a ods-enforcerd: SQLite database set to: /var/lib/opendnssec/kasp.db Dec 10 10:57:19 a ods-enforcerd: Log User set to: local0 Dec 10 10:57:19 a ods-enforcerd: Switched log facility to: local0 Dec 10 10:57:19 a ods-enforcerd: Connecting to Database... Dec 10 10:57:19 a ods-enforcerd: Policy default found. Dec 10 10:57:19 a ods-enforcerd: Key sharing is Off. Dec 10 10:57:19 a ods-enforcerd: Purging keys... Dec 10 10:57:19 a ods-enforcerd: Policy lab found. Dec 10 10:57:19 a ods-enforcerd: Key sharing is Off. Dec 10 10:57:19 a ods-enforcerd: No zones on policy lab, skipping... Dec 10 10:57:19 a ods-enforcerd: Purging keys... Dec 10 10:57:19 a ods-enforcerd: zonelist filename set to /etc/opendnssec/zonelist.xml. Dec 10 10:57:19 a ods-enforcerd: Zone dnssec.cc found. Dec 10 10:57:19 a ods-enforcerd: Policy for dnssec.cc set to default. Dec 10 10:57:19 a ods-enforcerd: Policy default found in DB. Dec 10 10:57:19 a ods-enforcerd: Config will be output to /var/lib/opendnssec/signconf/dnssec.cc.xml. Dec 10 10:57:19 a ods-enforcerd: No change to: /var/lib/opendnssec/signconf/dnssec.cc.xml Dec 10 10:57:19 a ods-enforcerd: Disconnecting from Database... Dec 10 10:57:19 a ods-enforcerd: Sleeping for 3600 seconds. Signer process is running: ps aux | grep signer 104 14565 0.0 0.3 151828 7104 ? Ssl Nov15 0:00 /usr/sbin/ods-signerd Anything I can check before trying to restart the signer? Regards, Volker On Tue, 10 Dec 2013 11:15:52 +0100, Rick van Rein <r...@openfortress.nl> wrote: > Volker, > >> I think I might have a configuration error in OpenDNSSEC. I want it to >> resign the whole zone once in 14 days, that Nagios starts warning me 12 days >> before it expires. My kasp.xml should be default: > > One potential source of these errors is if the signer cannot read > your zone, gets confused and stops generating signatures. This should > be very loud in your log files, because it keeps running into those > problems every hour or so. Please be sure to have checked those. > > -Rick _______________________________________________ Opendnssec-user mailing list Opendnssec-user@lists.opendnssec.org https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
