-
Type:
Support
-
Status: Closed
-
Priority:
Minor
-
Resolution: Outdated
-
Affects Version/s: OpenDNSSEC 1.3.5
-
Fix Version/s: None
-
Component/s: Enforcer, PKCS#11 Interface, Signer
-
Labels:None
-
Environment:
Red Hat Enterprise Linux Server release 5.11 (Tikanga)
SafeNet HSM
At 6:08 signing the zonefile went OK.
At 6:17, during the wake-up, a new ZSK was created.
Created ZSK size: 1024, alg: 8 with id: ******** in repository ...
At 6:38 signing the zonefile resulted in an error:
Nov 5 06:38:01 signerp4 ods-signerd: [hsm] sign final: CKR_OBJECT_HANDLE_INVALID
Nov 5 06:38:01 signerp4 ods-signerd: [rrset] unable to sign RRset[48]: error creating RRSIG RR
Nov 5 06:38:01 signerp4 ods-signerd: [worker[1]] sign zone <zonefile> failed: 1 of 28 signatures failed
Between the 2 zonefiles only serial and TXT record are different.
I removed <zone>.inbound and <zone>.backup.
ODS was restarted.
After that the signing went OK.
What can be the cause of this error, and what's the chance that it happens again?