> Is there anything I need to
> look for when migrating from 1.4.6 to 1.4.10?
Yes. between 1.4.6 and 1.4.10 there has been a database change. Below
the instructions from the MIGRATION file. It could be the package
maintainer already applied it if you are upgrading from apt.
You'll notice soon eno
Hi Yuri,
I can confirm that
ods-signer clear voja.de
ods-signer sign voja.de
fixes my problem.
The 1.4.6 is the latest available version for Debian Jessie. The 1.4.10 package
is available from testing/unstable only. I need to evaluate if I can upgrade
the signer VM to Debian testing. Is there
Hi Volker,
Quite a bit of problems since 1.4.6 have surfaced regarding SOA serial
and XFR (bump-in-wire setups). We have worked very hard to resolve those
and the latest result of that is 1.4.10. Please consider upgrading, it
is very likely to fix whatever bug you are facing.
Your message doesn't
Hello,
I forgot to look in the logfile, too. As of the time of the monitoring alert I
was able to identify these log entries from the time the zone broke:
Jul 19 01:25:56 a ods-enforcerd: Zone voja.de found.
Jul 19 01:25:56 a ods-enforcerd: Policy for voja.de set to default.
Jul 19 01:25:56 a od
Hello,
I'd like to see your key list (running 'ods-ksmutil key list -v
--all').
If the chain is still broken, the tmp and signed files might be
helpful. If it is possible please send me those files.
I sent you the files and key list off-list.
For the record: my AXFR problem to one slave is s
Hello,
I'd like to see your key list (running 'ods-ksmutil key list -v --all').
If the chain is still broken, the tmp and signed files might be helpful. If it
is possible please send me those files.
Regards,
Hoda Rohani
On 19-07-16 16:06, Volker Janzen wrote:
> Hi Jan-Piet,
>
> I have not save
Hi Jan-Piet,
I have not saved the old tmp entry, I forgot about that. :-(
But according to http://dnssec-debugger.verisignlabs.com/voja.de my live zone
is still broken with the same error and available for further debugging.
The current signed file just have one NSEC3PARAM:
grep NSEC3PARAM voj
What steps can I do to find out what might have gone wrong?
I hope you still have the intermediate (tmp/) and signed files? Check whether
you have more than 1 NSEC3PARAM records in the output. I've frequently been
bitten by that .
-JP
___
O
Hi,
my monitoring found one zone in OpenDNSSEC that was not properly signed.
It's the domain I'm sending from: voja.de.
I found that one of my slaves had a wrong serial for the zone, I forced
him to fetch the current zone, but that does not solve my issue.
I backed up the signed zone file t
