  1. Support
  2. SUPPORT-22

Audit fails with frequent NSEC3 resalting


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Cannot Reproduce
    • Affects Version/s: OpenDNSSEC 1.3.4
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None
    • Environment:

      Debian Squeeze, OpenDNSSEC packages 1.3.4-1

      Description

      If Resalt in kasp.xml is set to e.g. PT1H, with Resign also PT1H, auditor fails with errors:
      ods-auditor[13208]: NSEC3PARAM has wrong salt : should be 49d9de6664d13f7f3b5e but was 3ec159d2d2b2d3f84216
      ods-auditor[13208]: NSEC3 has wrong salt : should be 49d9de6664d13f7f3b5e but was 3ec159d2d2b2d3f84216
      ....
      ods-auditor[13208]: Too much output from auditor - suppressing for rest of run

      Or fails with assert:
      ods-signerd: ../../../signer/src/signer/tools.c:228: tools_nsecify: assertion zone->nsec3params failed
      ods-enforcerd: HSM reopened successfully.
      ods-enforcerd: Reading config "/etc/opendnssec/conf.xml"
      ods-enforcerd: Reading config schema "/usr/share/opendnssec/conf.rng"
      ...
      and then on next run:
      ods-enforcerd: /var/lib/opendnssec/db/kasp.db.our_lock already locked, sleep
      ....
      ps auxf shows
      107 13275 0.0 0.0 33616 2448 ? Ss Jan16 0:00 /usr/sbin/ods-signerd
      107 16756 0.0 0.0 4000 560 ? S Jan16 0:00 _ sh -c /usr/sbin/ods-signer sign lt > /dev/null 2>&1
      107 16757 0.0 0.0 22500 1308 ? S Jan16 0:00 _ /usr/sbin/ods-signer sign lt
      which looks stuck, and has to be -KILL killed to restart.
      To fix the problem, I had to stop opendnssec-signer/enforcer, remove files from /var/lib/opendnssec/tmp and restart.
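
Added example, not part of the original report and not OpenDNSSEC code: a short Python triage pass over syslog text that counts the failure signatures quoted above (auditor salt mismatches, the signer assertion, the enforcer waiting on its lock) and collects the expected/actual salt pairs. The sample log is constructed from the lines in this report; the function name and result keys are hypothetical.

```python
import re
from collections import Counter

# Constructed sample, copied from the log lines quoted in the report above.
SAMPLE_LOG = """\
ods-auditor[13208]: NSEC3PARAM has wrong salt : should be 49d9de6664d13f7f3b5e but was 3ec159d2d2b2d3f84216
ods-auditor[13208]: NSEC3 has wrong salt : should be 49d9de6664d13f7f3b5e but was 3ec159d2d2b2d3f84216
ods-auditor[13208]: Too much output from auditor - suppressing for rest of run
ods-signerd: ../../../signer/src/signer/tools.c:228: tools_nsecify: assertion zone->nsec3params failed
ods-enforcerd: /var/lib/opendnssec/db/kasp.db.our_lock already locked, sleep
"""

# Auditor complaint: record type, salt expected by policy, salt found in the zone.
SALT_RE = re.compile(
    r"ods-auditor\[\d+\]: (NSEC3PARAM|NSEC3) has wrong salt : "
    r"should be ([0-9a-f]+) but was ([0-9a-f]+)"
)
# Other signatures that appear in the report.
OTHER = {
    "auditor_suppressed": re.compile(r"ods-auditor\[\d+\]: Too much output from auditor"),
    "signer_assert": re.compile(r"ods-signerd: .*assertion .* failed"),
    "enforcer_lock_wait": re.compile(r"ods-enforcerd: .* already locked, sleep"),
}

def triage(log_text):
    """Summarise the resalting-related failure signatures in log_text."""
    counts = Counter()
    salt_pairs = set()
    for line in log_text.splitlines():
        m = SALT_RE.search(line)
        if m:
            counts["salt_mismatch"] += 1
            salt_pairs.add((m.group(2), m.group(3)))  # (expected, found)
            continue
        for name, rx in OTHER.items():
            if rx.search(line):
                counts[name] += 1
    return {
        "counts": dict(counts),
        "salt_pairs": sorted(salt_pairs),
        # Once the auditor suppresses output, the mismatch count is only a lower bound.
        "mismatch_count_truncated": counts["auditor_suppressed"] > 0,
        # A signer assertion or a waiting enforcer means signing has stopped, not just failed audit.
        "signing_stalled": counts["signer_assert"] > 0 or counts["enforcer_lock_wait"] > 0,
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```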


              People

              Assignee:
              jerry Jerry Lundström
              Reporter:
              tomas Tomas Simonaitis