On 19-12-16 15:29, PGNet Dev wrote:
> On 12/19/2016 12:21 AM, Hoda Rohani wrote:
>> ods 2.X now accepts this kind of format: '1W' and '3H'.
>
> ok
>
>> Name of zone file must match the name of zone, that was your problem.
>
> realized that since my zone files (a) are in a chroot and (b) contain
> INCLUDE stmts, that a compiled version was needed for opendnssec to process
>
>     mkdir -p /svr/named/namedb/compiled
>     named-compilezone \
>         -t "/svr/named" \
>         -f text -F text \
>         -o /namedb/compiled/example.info.compiled \
>         example.info /namedb/master/example.info.zone
>
> then matching the zone name with the zonefile name
>
>     mv /svr/named/namedb/compiled/example.info.compiled /var/opendnssec/unsigned/example.info
>
> cleaning
>
>     /usr/local/opendnssec/sbin/ods-enforcer zone delete --all
>
> then signing
>
>     /usr/local/opendnssec/sbin/ods-enforcer zone add -z example.info.zone -p lab
>
> now works
>
>     ls -al /var/opendnssec/signed/example.info
>         -rw-r--r-- 1 root root 11K Dec 19 06:14 /var/opendnssec/signed/example.info
>
> Thanks.
>
>
> Fwiw, in the OP, that the output of the enforcer command reported
>
>     Zone example.info added successfully
>
This message comes from enforcer, everything is fine at this side. The problem occurs in signer and its error messages can be found only in syslog.

> when it wasn't being created, and the logs clearly contained errors is
> misleading. It'd be useful to have the signing step report an error at
> console ...
>

Yes, it would be useful to see those error messages at console but it needed ods-signerd to run with -d (no-daemon).

Regards,
Hoda
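Added example, not part of the original thread and not OpenDNSSEC's own tooling: a shell check for the failure mode discussed above, where the enforcer reports success but no signed file appears. The function name check_zone and its return codes are assumptions made for this example; the default directories are the ones used in the thread.

```shell
#!/bin/sh
# check_zone ZONE [UNSIGNED_DIR] [SIGNED_DIR]
# Return codes (chosen for this example, not defined by OpenDNSSEC):
#   0  signed file exists and is not older than the unsigned input
#   1  no unsigned file named exactly like the zone
#   2  unsigned input present, signed output missing
#   3  signed output is older than the unsigned input
check_zone() {
    zone=$1
    unsigned_dir=${2:-/var/opendnssec/unsigned}
    signed_dir=${3:-/var/opendnssec/signed}
    src="$unsigned_dir/$zone"
    dst="$signed_dir/$zone"

    if [ ! -f "$src" ]; then
        echo "FAIL: $src not found; the file name must equal the zone name" >&2
        # Report near misses such as example.info.zone or example.info.compiled.
        for f in "$unsigned_dir/$zone".*; do
            if [ -f "$f" ]; then
                echo "  near miss: $f" >&2
            fi
        done
        return 1
    fi
    if [ ! -f "$dst" ]; then
        # The enforcer can report success while the signer fails quietly.
        echo "FAIL: $dst missing; look for ods-signerd errors in syslog" >&2
        return 2
    fi
    # find prints $src only when it was modified after $dst.
    if [ -n "$(find "$src" -newer "$dst")" ]; then
        echo "WARN: $dst is older than $src; zone not re-signed yet" >&2
        return 3
    fi
    echo "OK: $dst"
    return 0
}
```

Run it as `check_zone example.info` after `ods-enforcer zone add`; a non-zero result means the signer side needs attention even though the enforcer printed a success message.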
