On 2024-08-16 17:16, Havard Eidnes via Opendnssec-user wrote:
For some reason or other, "ods-enforcer key list -v" has started
showing this particular key:
(null) KSK unknown now
2048 13 43ff9e6e2c011cd6165f25aa7ac6db83 SoftHSM
45696
It appears that the presence of this key makes "ods-enforcer key
list -z <any-zone>" crash ods-enforcerd with a SEGV, because in
perform_keystate_list() it doesn't check the return value of
key_data_get_zone() (which has several return paths which return
NULL) and consequently ends up calling zone_db_name() with a NULL
argument (which returns NULL), and using that as the first
argument to strcmp(), with predictable results.
The question is: how do I convince OpenDNSSEC that it should
forget about this key?
Hi Havard,
This is a very peculiar one. Data corruption in OpenDNSSEC isn't
something
one experiences, but this is one. I'm very much wondering how this come
to
bear. Had you a crash that caused this one or something?
This is an orphaned key, but still attached to a zone, just that the
zone is
gone. So I can only see this happening when a zone deletion had a very
strange thing going on.
You probably can't find the cause back, so I'll contact you by e-mail
how to
resolve this. As keys have some connections to zones that also need
cleaning,
and this isn't something for the list. There's no way a normal command
line
will resolve this and some DB queries are needed.
With kind regards,
\Berry
_______________________________________________
Opendnssec-user mailing list
Opendnssec-user@lists.opendnssec.org
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
