So it looks like the signer is doing things, but not outputting the signed zone. Is the auditor not happy perhaps? What does this command tell you:

/usr/local/bin/ods-auditor -c /usr/local/etc/opendnssec/conf.xml -u /usr/local/var/opendnssec/tmp/hirlimann.net.inbound -s /usr/local/var/opendnssec/tmp/hirlimann.net.finalized -z hirlimann.net

?

On 04-03-14 12:37, Ludovic Hirlimann wrote:
On 04/03/2014 12:14, Matthijs Mekking wrote:
Hi,

I would like to know some more so that I can delve into this:

1. Can you provide the version used?
root@perso:~ # pkg_info |grep dns
ldns-1.6.16         A library for programs conforming to DNS RFCs and drafts
opendnssec-1.3.13   Tool suite for maintaining DNSSEC
rubygem-dnsruby-1.53 A pure Ruby DNS client library

2. Can you increase the verbosity to 5 and schedule a sign again and
provide those logs?

root@perso:~ # ods-signer verbosity 5
Verbosity level set to 5.

root@perso:~ # ods-signer sign hirlimann.net
Zone hirlimann.net scheduled for immediate re-sign.

Caught this in /var/log/debug.log:

Mar  4 12:27:49 perso ods-signerd: [worker[1]] somebody poked me, check completed jobs 17 appointed, 17 completed, 0 failed
Mar  4 12:27:49 perso ods-signerd: [worker[1]] sign zone hirlimann.net ok: 17 of 17 RRsets succeeded
Mar  4 12:27:49 perso ods-signerd: [file] open file file=hirlimann.net.finalized.tmp mode=writing
Mar  4 12:27:49 perso ods-signerd: system call: /usr/local/bin/ods-auditor -c /usr/local/etc/opendnssec/conf.xml -u /usr/local/var/opendnssec/tmp/hirlimann.net.inbound -s /usr/local/var/opendnssec/tmp/hirlimann.net.finalized -z hirlimann.net > /dev/null
Mar  4 12:27:49 perso ods-signerd: [worker[1]] finished working on zone hirlimann.net
Mar  4 12:27:49 perso ods-signerd: [scheduler] schedule task [read] for zone hirlimann.net
Mar  4 12:27:49 perso ods-signerd: [task] On Tue Mar  4 13:27:49 2014 I will [read] zone hirlimann.net
Mar  4 12:27:49 perso ods-signerd: [worker[1]] report for duty
Mar  4 12:27:49 perso ods-signerd: [scheduler] not popping task for zone hirlimann.net: not ready (when 1393936069 < now 1393932469, flush=0)
Mar  4 12:27:49 perso ods-signerd: [worker[1]] nothing to do

$ ods-signer verbosity
$ ods-signer sign hirlimann.net

3. Do the DNSKEY queries match the records in the signed file that the
signer has produced?

Ain't sure about that one, because it doesn't look like the signer has
produced a new file.

4. What is the last time the signed file has been changed (fstat)?

root@perso:/etc/namedb/signed # ls -ltr
total 8
-rw-r--r--  1 root  wheel  7899 Feb 14 00:14 hirlimann.net



_______________________________________________
Opendnssec-user mailing list
Opendnssec-user@lists.opendnssec.org
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
