Hi - This should be fixed in OpenDNSSEC svn r5992, which will make its way into ODS 1.3.4.
Thanks for the report, Alex. On 31 Dec 2011, at 14:42, Wytze van der Raay wrote: > Since Dec 26, we are suddenly experiencing a problem with the ods-auditor: > it has started to reject the signed result for the cacert.org zone: > > Dec 26 13:32:46 ns ods-auditor[13655]: Auditor started > Dec 26 13:32:46 ns ods-auditor[13655]: Auditor starting on cacert.org > Dec 26 13:32:47 ns ods-auditor[13655]: SOA differs : from 2011122301 to > 2011122606 > Dec 26 13:32:47 ns ods-auditor[13655]: Auditing cacert.org zone : NSEC3 SIGNED > Dec 26 13:32:48 ns ods-auditor[13655]: Unexpected error auditing files > (/var/opendnssec/tmp/cacert.org.inbound and > /var/opendnssec/tmp/cacert.org.finalized) : ERR private method `split' called > for nil:NilClass- moving on to next zone. Trace for debugging : > /usr/local/lib/opendnssec/kasp_auditor/auditor.rb:1275:in `get_name_and_types' > /usr/local/lib/opendnssec/kasp_auditor/auditor.rb:1227:in > `check_nsec3_types_and_opt_out' > /usr/local/lib/opendnssec/kasp_auditor/auditor.rb:1184:in `open' > /usr/local/lib/opendnssec/kasp_auditor/auditor.rb:1184:in > `check_nsec3_types_and_opt_out' > /usr/local/lib/opendnssec/kasp_auditor/auditor.rb:1182:in `open' > /usr/local/lib/opendnssec/kasp_auditor/auditor.rb:1182:in > `check_nsec3_types_and_opt_out' > /usr/local/lib/opendnssec/kasp_auditor/auditor.rb:1180:in `open' > /usr/local/lib/opendnssec/kasp_auditor/auditor.rb:1180:in > `check_nsec3_types_and_opt_out' > /usr/local/lib/opendnssec/kasp_auditor/auditor.rb:184:in `check_zone' > /usr/local/lib/opendnssec/kasp_auditor.rb:215:in `full_audit' > /usr/local/lib/opendnssec/kasp_auditor.rb:168:in `run_with_syslog' > /usr/local/lib/opendnssec/kasp_auditor.rb:142:in `each' > /usr/local/lib/opendnssec/kasp_auditor.rb:142:in `run_with_syslog' > /usr/local/lib/opendnssec/kasp_auditor.rb:115:in `run' > /usr/local/lib/opendnssec/kasp_auditor.rb:113:in `open' > /usr/local/lib/opendnssec/kasp_auditor.rb:113:in `run' > /usr/local/bin/ods-auditor:169 > Dec 26 13:32:48 ns ods-signerd: [worker[1]] backoff task [nsecify] for zone > cacert.org with 60 seconds > > The same error was repeated on every new attempt to resign/audit the zone. > As a result, the resigned zone does not get installed, and after a few days > we ended up with expired signatures in the zone. > > This happened while running OpenDNSSEC 1.3.2. On Dec 30 I have upgraded our > installation to 1.3.4, but this has not brought any improvement; the zone > keeps getting rejected by ods-auditor. However, simply deploying the file > "cacert.org.finalized" left in /var/opendnssec/tmp seems to work just fine, > the zone runs with up-to-date signatures again now. > > Can someone please advise as to how to get rid of this "Unexpected error" > in the ods-auditor, so the deployment of resigned zonefiles is automatic > again as it should? > > Regards, > Wytze van der Raay > > > > _______________________________________________ > Opendnssec-user mailing list > [email protected] > https://lists.opendnssec.org/mailman/listinfo/opendnssec-user _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
