Package: dnssec-tools
Version: 2.1

Summary:
rndc is being used incorrectly; mandatory arguments are missing.

Symptoms:
Log file shows:
    ZSK phase 2:  unable to reload zone, rc - 1

The root cause of the bug seems to be this: the way that
/usr/share/perl5/Net/DNS/SEC/Tools/rollmgr.pm invokes rndc is
incorrect when zones have a view.  When there is a view,
there are additional MANDATORY arguments.

So: circa line 1153 of rollmgr.pm we see:
     `$rndc reload $zone >/dev/null 2>&1`;

Removing the redirect to /dev/null so that the error can be seen
reveals this:

    rndc: 'reload' failed: not found
    no matching zone 'myzone.org' in any view

The correct invocation should have been this:
    `$rndc reload $zone IN $view`;

where $view is the appropriate view for the zone being signed.

From some rndc docs:
> rndc reload class and view arguments are only optional
> if no views are defined in the named configuration.
>
> If any views are defined in the named configuration,
> then ALL zones must be in a view, and the view name
> is required in order to identify a zone.

Cannot provide a patch; adding the required $view argument
trickles through the entire dnssec-tools toolchain, including
changes to the config files, and to donuts.

Two hacks are possible:
-- write a cronjob to reload zones nightly
-- edit rollmgr.pm and invoke rndc reload without any
zone argument (i.e. reload all zones)

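The corrected invocation described in the report, as an added example that is not dnssec-tools code: it appends the class and view only when a view is set, and captures rndc's output instead of redirecting it to /dev/null. The helper names reload_cmd and reload_zone and the view name "external" are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example, not dnssec-tools code. reload_cmd() and reload_zone() are
# hypothetical helpers; the view name "external" is a constructed sample.
use strict;
use warnings;

# Build the rndc argument list. When named has views configured, the class
# and the view must both follow the zone name; without views they are omitted.
sub reload_cmd {
    my ($rndc, $zone, $view, $class) = @_;
    my @cmd = ($rndc, 'reload', $zone);
    push @cmd, ($class // 'IN'), $view if defined $view && length $view;
    return @cmd;
}

# Run rndc without a shell and keep its output, so a failure such as
# "no matching zone ... in any view" reaches the log instead of /dev/null.
sub reload_zone {
    my @cmd = reload_cmd(@_);
    my $pid = open(my $out, '-|');            # implicit fork, child stdout piped
    return (-1, "fork failed: $!\n") unless defined $pid;
    if ($pid == 0) {                          # child: merge stderr into stdout
        open(STDERR, '>&', \*STDOUT);
        exec { $cmd[0] } @cmd or do { print "exec $cmd[0]: $!\n"; exit 127 };
    }
    my $text = do { local $/; <$out> } // '';
    close($out);                              # sets $? to rndc's wait status
    my $rc = ($? & 127) ? -1 : ($? >> 8);     # -1 if rndc died on a signal
    return ($rc, $text);
}

# Argument lists with and without a view, using the zone from the report.
print join(' ', reload_cmd('rndc', 'myzone.org', 'external')), "\n";
print join(' ', reload_cmd('rndc', 'myzone.org')), "\n";

# Attempt the reload and log rndc's own message next to the return code.
my ($rc, $msg) = reload_zone('rndc', 'myzone.org', 'external');
print "unable to reload zone, rc - $rc: $msg" if $rc != 0;
```

The caller still has to know which view each zone belongs to, which is the toolchain-wide change the report says it cannot provide.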