-
Type:
Bug
-
Status: Open
-
Priority:
Minor
-
Resolution: Unresolved
-
Affects Version/s: OpenDNSSEC 2.1
-
Fix Version/s: None
-
Component/s: Configuration
-
Labels:None
-
Environment:
RHEL9 x86_64, OpenDNSSEC 2.1.12 using rpmbuild, SoftHSM 2.61. from RHEL9 AppStream repo, mysqld 10.5.16-MariaDB, 4-core VM in ESXi, signer config is default 4 WorkerThreads, 1 SignerThread, mysql as enforcer backend
Upon signer start, there's one line of error message per zone:
ods-signerd[25482]: [duration] cannot create from string 0: P not found
This is because files in /var/opendnssec/tmp read '...valid PT1209600S denial PT1209600S keyset 0 jitter PT60s ...'. The 'keyset 0' is invalid.
The failing check (in 2.1.12) sources is in opendnssec-2.1.12/signer/src/signer/zone.c:873 .
The signconfparser.c function parse_sc_sig_validity_keyset() maybe involved, but the comment clearly indicates the intent is to write it in duration format into backup files.