[Opendnssec-user] Signer crash after restart.

2017-05-02 Thread David Peall
Hi I got the following message after starting up signer after a reboot: ods-signerd: daemon/engine.c:894: engine_recover: assertion zone->zl_status == ZONE_ZL_ADDED failed Regards — David Peall smime.p7s Description: S/MIME cryptographic signat

[Opendnssec-user] DB prepare Err 2006: MySQL server has gone away

2017-03-02 Thread David Peall
configuration error or is there some issue with the DB pool in OpenDNSSEC. Kind Regards — David Peall smime.p7s Description: S/MIME cryptographic signature ___ Opendnssec-user mailing list Opendnssec-user@lists.opendnssec.org https://lists.opendnssec.org/mailman

Re: [Opendnssec-user] odd-enforce zapping domains

2016-09-26 Thread David Peall
RRSIG. I then rolled the machine clock back and resigned, the zone file looks fine all the RRSIG’s are valid and signed with the new ZSK. OpenDNSSEC shooting its own DB seems to be a rather drastic bug, what is the timeline on a fix for this? Regards — David Peall > On 26 Sep 2016, at 1:05

Re: [Opendnssec-user] odd-enforce zapping domains

2016-09-26 Thread David Peall
forward if there is any heads up I’d appreciate it. Regards — David Peall > On 26 Sep 2016, at 12:30 PM, David Peall wrote: > > Hi > > Is it possible to rebuild the database for 3 zones that were delete from the > database. ods-signer is still signing the 3 domains: >

[Opendnssec-user] odd-enforce zapping domains

2016-09-26 Thread David Peall
seconds. Keys are still in the HSM. I need to keep the KSK at minimum the ZSK and RRSIG records can be re-generated. Regards — David Peall smime.p7s Description: S/MIME cryptographic signature ___ Opendnssec-user mailing list Opendnssec-user

Re: [Opendnssec-user] addns.xml update deletes all domains

2016-09-16 Thread David Peall
Hi So my understanding is that for the time being I’m going to have to run the following after adding or removing a zone. ods-enforcer loneliest export To avoid any foot-shootery? Regards — David Peall > On 16 Sep 2016, at 3:10 PM, Yuri Schaeffer wrote: > > Hi David, > >

[Opendnssec-user] addns.xml update deletes all domains

2016-09-16 Thread David Peall
: [signconf] zone 3 signconf: RESIGN[PT2H] REFRESH[P3D] VALIDITY[P14D] DENIAL[P14D] KEYSET[PT0S] JITTER[PT12H] OFFSET[PT1H] NSEC[50] DNSKEYTTL[PT1H] SOATTL[PT1H] MINIMUM[PT1H] SERIAL[keep] Regards — David Peall smime.p7s Description: S/MIME cryptographic signature

Re: [Opendnssec-user] Key not found

2014-06-12 Thread David Peall
7f6acc628c40 error 4 in ods-signerd[40+5c000] Running it in debug now trying to get you more information, but otherwise appears finding the keys. Regards — David Peall On 11 Jun 2014, at 2:13 PM, David Peall wrote: > Hi Rickard > > I appreciate the help. > > Its not timing as

Re: [Opendnssec-user] Key not found

2014-06-11 Thread David Peall
000: pkcs11: 08CB >CKA_CLASS: CKO_PUBLIC_KEY Seems to be the issue? Regards — David Peall On 11 Jun 2014, at 12:57 PM, Rickard Bellgrim wrote: > On Wed, Jun 11, 2014 at 12:15 PM, David Peall wrote: > Here is the log line: > Jun 11 12:03:41 ods-signerd: [hsm] unable

Re: [Opendnssec-user] Key not found

2014-06-11 Thread David Peall
014-06-11 12:10:33 [6739] t40c730f8a97f: pkcs11: 08CB >hSession 0x08CB 2014-06-11 12:10:33 [6739] t40c730f8a97f: pkcs11: 08CB <rv 0x (CKR_OK) 2014-06-11 12:10:33 [6739] t40c730f8a97f: pkcs11: 08CB >> C_CloseSession 2014-06-11 12:10:

Re: [Opendnssec-user] Key not found

2014-06-10 Thread David Peall
hinky going on? Regards — David Peall On 10 Jun 2014, at 4:22 PM, David Peall wrote: > Hi All > > As Mark has said logged in as the signer user we are able to list the > “missing” key. > KSK active2015-06-10 15:19:39 > (r

Re: [Opendnssec-user] Key not found

2014-06-10 Thread David Peall
look for? Regards — David Peall On 09 Jun 2014, at 2:39 PM, Siôn Lloyd wrote: > On 09/06/14 11:30, David Peall wrote: >> >> But then: >> ods-signerd: [hsm] unable to get key: key 994410881c1e66e2d075ed1ed1756679 >> not found >> ods-signerd: [zone] unable to

Re: [Opendnssec-user] Key not found

2014-06-09 Thread David Peall
On 09 Jun 2014, at 2:39 PM, Siôn Lloyd wrote: > On 09/06/14 11:30, David Peall wrote: >> >> But then: >> ods-signerd: [hsm] unable to get key: key 994410881c1e66e2d075ed1ed1756679 >> not found >> ods-signerd: [zone] unable to publish dnskeys for zone : error

[Opendnssec-user] Key not found

2014-06-09 Thread David Peall
is appreciated. Regards — David Peall smime.p7s Description: S/MIME cryptographic signature ___ Opendnssec-user mailing list Opendnssec-user@lists.opendnssec.org https://lists.opendnssec.org/mailman/listinfo/opendnssec-user

Re: [Opendnssec-user] Follow up on ods-enforcerd segfault

2014-05-28 Thread David Peall
” seems to have fixed the problem. Regards — David Peall On 28 May 2014, at 8:05 PM, Jerry Lundström wrote: > Hi Mark and David, > > On ons, 2014-05-28 at 14:40 +0200, David Peall wrote: >> kernel: [688550.164139] ods-enforcerd[15772]: segfault at 0 ip >> 7ffb985

[Opendnssec-user] Follow up on ods-enforcerd segfault

2014-05-28 Thread David Peall
be created for policy zacr-nsec3: keys_to_generate(1) = keys_needed(2) - keys_available(1). kernel: [688550.164139] ods-enforcerd[15772]: segfault at 0 ip 7ffb985ceb14 sp 7fff31d272e0 error 4 in libcknfast.so[7ffb98525000+1ee000] Regards — David Peall smime.p7s Description: S/MIME

[Opendnssec-user] ods-enforcerd segfault when there are no spare keys - using Thales HSM

2014-05-28 Thread David Peall
count=3 time=0(sec)] RRSIG[new=10 reused=0 time=0(sec) avg=0(sig/sec)] TOTAL[time=0(sec)] ods-signerd: [STATS] web.za 1401279757 RR[count=453 time=0(sec)] NSEC3[count=58 time=0(sec)] RRSIG[new=116 reused=0 time=1(sec) avg=116(sig/sec)] TOTAL[time=1(sec)] Regards — David Peall smime.p7s