Re: [Opendnssec-user] addns.xml update deletes all domains

2016-09-16 Thread Yuri Schaeffer
> So my understanding is that for the time being I’m going to have to run the > following after adding or removing a zone. > ods-enforcer loneliest export > > To avoid any foot-shootery? Yes, you can do a 'zonelist export' to make sure the zonelist.xml contains all configured zones. BUT you don

Re: [Opendnssec-user] addns.xml update deletes all domains

2016-09-16 Thread David Peall
Hi So my understanding is that for the time being I’m going to have to run the following after adding or removing a zone. ods-enforcer loneliest export To avoid any foot-shootery? Regards — David Peall > On 16 Sep 2016, at 3:10 PM, Yuri Schaeffer wrote: > > Hi David, > > Thanks for your re

Re: [Opendnssec-user] addns.xml update deletes all domains

2016-09-16 Thread Yuri Schaeffer
Hi David, Thanks for your report! > I’m added zone 2 and 3. I updated a TSIG key for domain 2 and then > updated the enforcer and it deleted all my domains? Well this is a bit embarrassing... Since 2.0 we declared the database leading over the zonelist.xml for the configured zones. But to provi

[Opendnssec-user] addns.xml update deletes all domains

2016-09-16 Thread David Peall
Hi Zone 1 has been running for a months in a test environment. I’m added zone 2 and 3. I updated a TSIG key for domain 2 and then updated the enforcer and it deleted all my domains? opendnssec version 2.0.1 root@signer1:/etc/opendnssec# ods-enforcer update all Policy default already up-to-da

Re: [Opendnssec-user] Signer daemon 1.4.10 segfault

2016-09-16 Thread Yuri Schaeffer
Hi Juan, > We have compiled ods (at version 1.4.10) on a RHEL7 and added some numb > zones for testing but ods-signerd is crashing: > > Sep 16 12:49:38 plat ods-signerd: ObjectFile.cpp(122): The attribute > does not exist: 0x0002 > Sep 16 12:49:38 plat kernel: ods-signerd[12271]: segfault at

[Opendnssec-user] Signer daemon 1.4.10 segfault

2016-09-16 Thread Juan Carlos Rodriguez
Hi, We have compiled ods (at version 1.4.10) on a RHEL7 and added some numb zones for testing but ods-signerd is crashing: Sep 16 12:49:38 plat ods-signerd: ObjectFile.cpp(122): The attribute does not exist: 0x0002 Sep 16 12:49:38 plat kernel: ods-signerd[12271]: segfault at 20 ip 00

Re: [Opendnssec-user] Serial problem after rollover in 2.0.1

2016-09-16 Thread Fred.Zwarts
"Yuri Schaeffer" schreef in bericht news:7b52287e-c6d9-7862-dcdc-3c9db8c8f...@nlnetlabs.nl... We never had this problem with 1.4. From our /etc/opendnssec/kasp.xml: PT15H PT86400S PT10800S datecounter The kasp.xml has not

Re: [Opendnssec-user] Serial problem after rollover in 2.0.1

2016-09-16 Thread Yuri Schaeffer
> We never had this problem with 1.4. From our /etc/opendnssec/kasp.xml: > > >PT15H > >PT86400S >PT10800S >datecounter > > > > The kasp.xml has not been touched since December 2015. > So, there must be something else. Could

Re: [Opendnssec-user] Serial problem after rollover in 2.0.1

2016-09-16 Thread Fred.Zwarts
"Yuri Schaeffer" schreef in bericht news:46da313f-2c47-92b1-8c3d-cc1af1ec6...@nlnetlabs.nl... Hi Fred, The log message "If this is the result of a key rollover ..." suggests (at least to me) that it is normal that a manual intervention is needed during a roll-over, but we are not used to it.

Re: [Opendnssec-user] Serial problem after rollover in 2.0.1

2016-09-16 Thread Fred.Zwarts
"Yuri Schaeffer" schreef in bericht news:46da313f-2c47-92b1-8c3d-cc1af1ec6...@nlnetlabs.nl... Hi Fred, The log message "If this is the result of a key rollover ..." suggests (at least to me) that it is normal that a manual intervention is needed during a roll-over, but we are not used to it.

Re: [Opendnssec-user] Serial problem after rollover in 2.0.1

2016-09-16 Thread Yuri Schaeffer
Hi Fred, > The log message "If this is the result of a key rollover ..." suggests > (at least to me) that it is normal that a manual intervention is needed > during a roll-over, but we are not used to it. > Is this a bug, or is it the intended behavior? > Are there new options to be included in t

[Opendnssec-user] Serial problem after rollover in 2.0.1

2016-09-16 Thread Fred.Zwarts
Recently we upgraded to ods 2.01. from 1.4.10. During key roll-overs we never needed to update our input zones as long as we used version 1. This night ods was still in the process of retiring the backup keys, used in version 1.4.10, when it started a ZSK key roll-over. After that the signer ref