On Sat, Aug 17, 2019 at 11:04:58AM +0200, Ulrich-Lorenz Schl??ter wrote: > Am 16.08.19 um 20:36 schrieb Berry A.W. van Halderen: > > On 8/16/19 6:21 PM, Ulrich-Lorenz Schl??ter wrote: > >> I checked perms as described. > >> Turned up logging verbosity. > >> "ods-ksmutil key list --verbose" does not spit out any keys. > >> > > > > Did you perform the upgrade steps to get to 1.4.14? Where there > > any anomalies? > > If ods-ksmutil does not list keys, but there are no errors either > > then I would suspect problems there. However if you increased logging > > level there should be more explanatory help in the logging. Perhaps > > in the syslog configuration these are repressed, or they end up in a > > different log file. > > > > You can also try the command "ods-hsmutil list" to list keys. The > > ods-ksmutil lists keys as known to OpenDNSSEc, ods-hsmutil lists keys > > as found in the HSM. > I migrated to fedora 30 aarch64 as upgrading on centos seemed to much of > a hassle. > By now ods-ksmutil and ods-hsmutil both list keys. > opendnssec is missing files in the /var/opendnssec/signed and > /var/opendnssec/unsigned folder. > > Aug 17 10:54:55 one ods-signerd[5550]: [xfrd] zone sycosys.de xfr packet > parsed (res 5) > Aug 17 10:54:55 one ods-signerd[5550]: [xfrd] xfr/newlease from 127.0.0.1 > Aug 17 10:54:55 one ods-signerd[5550]: [xfrhandler] netio dispatch > Aug 17 10:55:59 one ods-signerd[5550]: [socket] incoming udp message > Aug 17 10:55:59 one ods-signerd[5550]: [tsig] parse: not TSIG or not ANY > Aug 17 10:55:59 one ods-signerd[5550]: [tsig] parse: not TSIG or not ANY > Aug 17 10:55:59 one ods-signerd[5550]: [query] too many additional rrs > Aug 17 10:55:59 one ods-signerd[5550]: [query] formerr ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ The problem is here. Check server TSIG-settings and adapters in addns.xml.
> Aug 17 10:55:59 one ods-signerd[5550]: [socket] query processed qstate=0 > Aug 17 10:55:59 one ods-signerd[5550]: [query] add edns opt ok > Aug 17 10:55:59 one ods-signerd[5550]: [socket] sending 144 bytes over udp > Aug 17 10:55:59 one ods-signerd[5550]: [dnshandler] netio dispatch > Aug 17 10:56:50 one ods-enforcerd[5540]: HSM connection open. > Aug 17 10:56:50 one ods-enforcerd[5540]: Reading config > "/etc/opendnssec/conf.xml" _______________________________________________ Opendnssec-user mailing list Opendnssec-user@lists.opendnssec.org https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
