On Thu, 21 Jun 2012, Matthijs Mekking wrote:
With what HSM backend is this? Going through the list of fixed issues, this sounds familiar tohttps://issues.opendnssec.org/browse/ODSPTHIST-294 The problem then was in SoftHSM, which was fixed in 1.1.1, so I guess that's not it.
This happened with an AEP Keyper.
I committed a defense mechanism for this, in trunk r6449. You'll need ldns trunk too (the upcoming 1.6.14, which will be released prior to OpenDNSSEC 1.4.0). Basically what it does, is every time that ldns is unable to convert a RDATA into a string, the signer engine uses the error to prevent writing out the signed zone/journal files. You will see this in the logs as: ods-signerd: [adapter] unable to write zone example.com file /opt/opendnssec/var/opendnssec/signed/example.com: one or more RR print failed Please let me know how this works for you.
That works, but could you log the rdata somehow? Or possibly have a pointer back to a line number in the zone file? Paul _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
