I have an issue here, running OpenDNSSEC 1.2.1. Automatic re-signing seems to have had some issues, giving me entries like these in my logs:
Apr 26 13:11:47 vimes ods-signerd: signature set has no RRSIG record: drop signatures for RRset[50] Apr 26 13:11:47 vimes ods-signerd: error creating RRSIG for rrset[50] Apr 26 13:11:47 vimes ods-signerd: unable to sign zone data: failed to sign domain Apr 26 13:11:47 vimes ods-signerd: task [sign zone bohrnag.org] failed So, I tried forcing a signing through ods-signer, and got these: Apr 26 14:02:45 vimes ods-signerd: cmdhandler: zone bohrnag.org scheduled for immediate re-sign Apr 26 14:02:45 vimes ods-signerd: signature set has no RRSIG record: drop signatures for RRset[50] Apr 26 14:02:45 vimes ods-signerd: error creating RRSIG for rrset[50] Apr 26 14:02:45 vimes ods-signerd: unable to sign zone data: failed to sign domain Apr 26 14:02:45 vimes ods-signerd: task [sign zone bohrnag.org] failed So, next step: I restarted OpenDNSSEC: Apr 26 14:06:39 vimes ods-enforcerd: opendnssec started (version 1.2.1), pid 85434 Apr 26 14:06:39 vimes ods-signerd: signer engine started Apr 26 14:06:42 vimes ods-auditor[85442]: Key (498) has gone straight to active use without a prepublished phase Apr 26 14:06:42 vimes ods-signerd: task [audit zone bohrnag.org] failed Apr 26 14:07:04 vimes ods-signerd: cmdhandler: zone bohrnag.org scheduled for immediate re-sign Apr 26 14:07:06 vimes ods-auditor[85460]: Key (498) has gone straight to active use without a prepublished phase Apr 26 14:07:06 vimes ods-signerd: task [audit zone bohrnag.org] failed Apr 26 14:09:04 vimes ods-auditor[85486]: Key (498) has gone straight to active use without a prepublished phase Apr 26 14:09:04 vimes ods-signerd: task [audit zone bohrnag.org] failed It's probably me doing something weird, but what? Anything I should look into in particular? Or any other information I should post? Regards Eivind Olsen [email protected] _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
