Re: [Opendnssec-user] Notify debugging

2014-05-15 Thread Fred.Zwarts
Hi Rein, I fixed the problem by stopping ods (both enforcer and signer), then I deleted /var/opendnssec/tmp/rug.nl.xfrd-state, then I started ods again. After that the zone was properly received and processed. (I tried this, because of what I read in another thread earlier this month.) So, unf

Re: [Opendnssec-user] Notify debugging

2014-05-15 Thread Rick van Rein
Hi Fred, > The /var/opendnssec/tmp/rug.nl-xfrd-state file still shows the old soa serial > 2014051506, where the unsigned system is already at 2014051520. > To me it looks as if opendnssec receives the zone, but does not process it. > Any other ideas to diagnose this problem? Can you have a look

[Opendnssec-user] Re: Notify debugging

2014-05-15 Thread Fred.Zwarts
Further research shows the following: The zone has been updated a few times on the system with the unsigned zones. The log of the source system of the unsigned zone shows that today the zone has been transferred to the opendnssec system (more than once): dns-xfr-out.log:14-May-2014 16:25:13.018

Re: [Opendnssec-user] no softhsm whining

2014-05-15 Thread Randy Bush
>> i realized that i have not seen softhsm telling me i need to >> sqlite3 /usr/local/var/softhsm/slot0.db ".backup `date >> '+%y%m%d'`.softhsm-copy.db" >> ods-ksmutil backup prepare >> ods-ksmutil backup commit >> for a month or two. how do i diagnose why and what i should do about >

Re: [Opendnssec-user] entropy source for SoftHSM

2014-05-15 Thread Rickard Bellgrim
On Wed, May 14, 2014 at 2:05 PM, Alex Omgovitskij wrote: > > Thus SoftHSM or SoftHSM + TRNG is a good choice for now, we can add TRNG > later or even add HSM later if required. > So the question still actual (to foresee future changes in hardware): is > it possible to use SoftHSM + TRNG? > That w

Re: [Opendnssec-user] no softhsm whining

2014-05-15 Thread Rickard Bellgrim
On Wed, May 14, 2014 at 11:38 AM, Randy Bush wrote: > i realized that i have not seen softhsm telling me i need to > > sqlite3 /usr/local/var/softhsm/slot0.db ".backup `date > '+%y%m%d'`.softhsm-copy.db" > ods-ksmutil backup prepare > ods-ksmutil backup commit > > for a month or two.

[Opendnssec-user] Notify debugging

2014-05-15 Thread Fred.Zwarts
We use adapters in addns.xml to receive the unsigned zones via zone transfers. This worked well. An update of the zone on the source server was received and processed by opendnssec in a few seconds. Recently I installed ods 1.4.5. I now have the impression that a notify from the source system i