> That timestamp indeed seems strange. If a rollover would have happened I
> would expect that value to be updated. Is the signer running? - what is it
> logging?
>
> If you want I can take a look at your setup to make sure everything is in
> order. Can you provide me with the following details:
>
> - output of: ods-enforcer key list -d
> - output of: ods-enforcer queue
> - timestamp on signconf of dennisbaaten.com off list:
> - signconf of dennisbaaten.com
> - kasp.db
As requested, the information below.
****************
Signer is running and logging to syslog. I don't see anything strange in the
logs.
root@traxotic [~]$ service opendnssec-signer status
● opendnssec-signer.service - OpenDNSSEC signer daemon
Loaded: loaded (/lib/systemd/system/opendnssec-signer.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2017-11-03 11:14:10 CET; 1 weeks 3 days ago
Main PID: 17502 (ods-signerd)
Tasks: 11 (limit: 4915)
CGroup: /system.slice/opendnssec-signer.service
└─17502 /usr/sbin/ods-signerd -d
Nov 13 11:14:11 traxotic.net ods-signerd[17502]: [worker[2]] nothing to do
Nov 13 11:14:11 traxotic.net ods-signerd[17502]: [drudger[4]] report for duty
Nov 13 11:14:11 traxotic.net ods-signerd[17502]: [drudger[4]] nothing to do, wait
Nov 13 11:14:11 traxotic.net ods-signerd[17502]: [drudger[2]] report for duty
Nov 13 11:14:11 traxotic.net ods-signerd[17502]: [drudger[2]] nothing to do, wait
Nov 13 11:14:11 traxotic.net ods-signerd[17502]: [worker[3]] finished working on zone otherdomain.nl
Nov 13 11:14:11 traxotic.net ods-signerd[17502]: [scheduler] schedule task [sign] for zone otherdomain.nl
Nov 13 11:14:11 traxotic.net ods-signerd[17502]: [task] On Mon Nov 13 13:14:11 2017 I will [sign] zone otherdomain.nl
Nov 13 11:14:11 traxotic.net ods-signerd[17502]: [worker[3]] report for duty
Nov 13 11:14:11 traxotic.net ods-signerd[17502]: [worker[3]] nothing to do
****************
root@traxotic [~]$ ods-enforcer key list -d | grep dennisbaaten.com
key list completed in 0 seconds.
dennisbaaten.com ZSK NA unretentive NA unretentive 0 0 ce3507796d7c176695bbfdc18f100fc6
dennisbaaten.com ZSK NA omnipresent NA omnipresent 1 1 49bad7794a2e2c4d5f44755f33317982
dennisbaaten.com KSK omnipresent omnipresent omnipresent NA 1 1 f82e46fa26d4772c3b09db259aa41a30
dennisbaaten.com ZSK NA rumoured NA hidden 1 0 75602642359504fa4d1decc0d7ab37e4
****************
root@traxotic [~]$ ods-enforcer queue
There are 0 tasks scheduled.
It is now Mon Nov 13 11:11:20 2017 (1510567880 seconds since epoch)
queue completed in 0 seconds.
****************
root@traxotic [/var/lib/opendnssec/signconf]$ ll | grep dennisbaaten
-rw-r--r-- 1 opendnssec opendnssec 1124 Nov 3 11:13 dennisbaaten_com.xml
-rw-r--r-- 1 opendnssec opendnssec 1115 Oct 19 22:07 dennisbaaten_com.xml.OLD
****************
root@traxotic [/var/lib/opendnssec/signconf]$ cat dennisbaaten_com.xml
<?xml version="1.0" encoding="UTF-8"?>
<SignerConfiguration>
<Zone name="dennisbaaten.com">
<Signatures>
<Resign>PT2H</Resign>
<Refresh>P3D</Refresh>
<Validity>
<Default>P14D</Default>
<Denial>P14D</Denial>
</Validity>
<Jitter>PT12H</Jitter>
<InceptionOffset>PT1H</InceptionOffset>
<MaxZoneTTL>P1D</MaxZoneTTL>
</Signatures>
<Denial>
<NSEC/>
</Denial>
<Keys>
<TTL>PT12H</TTL>
<Key>
<Flags>256</Flags>
<Algorithm>8</Algorithm>
<Locator>ce3507796d7c176695bbfdc18f100fc6</Locator>
</Key>
<Key>
<Flags>256</Flags>
<Algorithm>8</Algorithm>
<Locator>49bad7794a2e2c4d5f44755f33317982</Locator>
<ZSK/>
<Publish/>
</Key>
<Key>
<Flags>257</Flags>
<Algorithm>8</Algorithm>
<Locator>f82e46fa26d4772c3b09db259aa41a30</Locator>
<KSK/>
<Publish/>
</Key>
</Keys>
<SOA>
<TTL>PT1H</TTL>
<Minimum>PT1H</Minimum>
<Serial>datecounter</Serial>
</SOA>
</Zone>
</SignerConfiguration>
****************
root@traxotic [~]$ db_dump -p /var/lib/opendnssec/kasp.db
db_dump: BDB0641 __db_meta_setup: /var/lib/opendnssec/kasp.db: unexpected file type or format
db_dump: BDB5115 open: /var/lib/opendnssec/kasp.db: Invalid argument
I'm not able to dump the kasp.db database file. Maybe due to a versioning
incompatibility (.db file versus db_dump)?
--
Dennis