Hi Zone 1 has been running for a months in a test environment.
I’m added zone 2 and 3. I updated a TSIG key for domain 2 and then updated the enforcer and it deleted all my domains? opendnssec version 2.0.1 root@signer1:/etc/opendnssec# ods-enforcer update all Policy default already up-to-date Policy lab already up-to-date Policy default already up-to-date Policy lab already up-to-date Deleted zone 1 successfully Deleted zone 2 successfully Deleted zone 3 successfully update all completed in 1 seconds. root@signer1:/etc/opendnssec# ods-enforcer key list --all --verbose Keys: Zone: Keytype: State: Date of next transition: Size: Algorithm: CKA_ID: Repository: KeyTag: key list completed in 0 seconds. root@signer1:/etc/opendnssec# ods-enforcer zone list Database set to: /var/opendnssec/kasp.db No zones in database. zone list completed in 0 seconds. The log file: Sep 16 14:02:41 signer1 ods-signerd: [xfrd] zone 1 request udp/ixfr=1160916056 to 192.168.x.x Sep 16 14:02:41 signer1 ods-signerd: [xfrd] zone 1 received too short udp reply from 192.168.x.x, retry tcp Sep 16 14:02:41 signer1 ods-signerd: [xfrd] zone 1 request tcp/ixfr=1160916056 to 192.168.x.x Sep 16 14:02:58 signer1 ods-signerd: [xfrd] zone 1 transfer done [notify acquired 1474027361, serial on disk 1160916057, notify serial 1160916057] Sep 16 14:03:48 signer1 ods-signerd: [STATS] 1 1160916057 RR[count=80 time=35(sec)] NSEC3[count=0 time=0(sec)] RRSIG[new=2 reused=235 time=2(sec) avg=1(sig/sec)] TOTAL[time=50(sec)] Sep 16 14:04:15 signer1 ods-signerd: [namedb] zone 3 cannot keep SOA SERIAL from input zone (2016091648): previous output SOA SERIAL is 2016091648 … Sep 16 14:15:41 signer1 ods-signerd: [worker[2]] continue task [read] for zone 1 Sep 16 14:15:41 signer1 ods-signerd: [worker[2]] continue task [sign] for zone 2 Sep 16 14:15:41 signer1 ods-signerd: [worker[1]] continue task [sign] for zone 3 Sep 16 14:15:41 signer1 ods-signerd: [xfrd] zone 2 request axfr to 192.168.x.x Sep 16 14:15:41 signer1 ods-signerd: [xfrd] bad packet: zone 2 received error code NOTAUTH from 192.168.x.x Sep 16 14:15:41 signer1 ods-signerd: [xfrd] zone 2, from 192.168.x.x has tsig error (Bad Key) Sep 16 14:15:41 signer1 ods-signerd: [xfrd] unable to process tsig: xfr zone 2 from 192.168.x.x has bad tsig signature Sep 16 14:15:41 signer1 ods-signerd: [xfrd] bad packet: zone 2 received bad tsig from 192.168.x.x Sep 16 14:15:41 signer1 ods-enforcerd: [zonelist_import] zone 2 deleted Sep 16 14:15:41 signer1 ods-enforcerd: [zonelist_import] zone 3 deleted Sep 16 14:15:41 signer1 ods-enforcerd: [zonelist_import] zone 1 deleted … now in the log file after a stop start: Sep 16 14:22:12 signer1 ods-signerd: [signconf] zone 2 signconf: RESIGN[PT2H] REFRESH[P3D] VALIDITY[P14D] DENIAL[P14D] KEYSET[PT0S] JITTER[PT12H] OFFSET[PT1H] NSEC[50] DNSKEYTTL[PT1H] SOATTL[PT1H] MINIMUM[PT1H] SERIAL[keep] Sep 16 14:22:12 signer1 ods-signerd: [signconf] zone 3 signconf: RESIGN[PT2H] REFRESH[P3D] VALIDITY[P14D] DENIAL[P14D] KEYSET[PT0S] JITTER[PT12H] OFFSET[PT1H] NSEC[50] DNSKEYTTL[PT1H] SOATTL[PT1H] MINIMUM[PT1H] SERIAL[keep] Regards — David Peall
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Opendnssec-user mailing list Opendnssec-user@lists.opendnssec.org https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
