Re: [Opendnssec-user] ods-signerd unresponsive/crashes

Wed, 21 Dec 2011 01:29:12 -0800 

Am 20.12.2011 11:52, schrieb Michael Braunoeder:

Hi,

I'm running OpenDNSSEC 1.3.3 on a 64-bit-Debian 6.0 (packages backported
manually from unstable). The zone to be signed is transfered via
zonefetcher, signed and loaded on a local nameserver, the keys are
stored in a HSM (Thales ncipher).

After running a lot of test without any problems (including an endless
loop signing (start a new sign-run after completing the last one) we
moved to semi-production where I noticed 2 problems:

- One of the 2 running ods-signerd processes sometimes crashes with this
error messages:

  >  kernel: [444495.143165] ods-signerd[1939] trap stack segment
ip:41a1c6 sp:7fa3a855be00 error:0
I tried to reproduce the problem with verbosity 255 but I didn't get any useful error message: 


Dec 21 10:01:25 nssig2 ods-signerd: [fifo] popped item, count=986
Dec 21 10:01:25 nssig2 ods-signerd: [rrset] signature validity 1142571 in range 
[1126800 - 1299600]
Dec 21 10:01:25 nssig2 ods-signerd: skipping key 
34517225089a4287e949bf7dd0fae5f5 for signing: RRset[1] already bsignature with 
same algorithm
Dec 21 10:01:25 nssig2 ods-signerd: [rrset] skipping key 
852d8652f265d1aabb7839338dbb2a13 for signing RRset[16]: no active ZSK
Dec 21 10:01:25 nssig2 ods-signerd: [rrset] signature validity 1209547 in range 
[1126800 - 1299600]
Dec 21 10:01:25 nssig2 ods-signerd: [rrset] recycle signature for RRset[50] 
(refresh=1324717220, signtime=1324458020, inception=1324386138, 
expiration=1325628394)
Dec 21 10:01:25 nssig2 ods-signerd: [fifo] popped item, count=987
Dec 21 10:01:25 nssig2 ods-signerd: skipping key 
34517225089a4287e949bf7dd0fae5f5 for signing: RRset[1] already has signature 
with same algorithm
Dec 21 10:01:25 nssig2 ods-signerd: [fifo] popped item, count=986
Dec 21 10:01:25 nssig2 kernel: [1973275.222995] ods-signerd[9436] trap stack 
segment ip:41a1c6 sp:7f63027fbe00 error:0
Looks ok for me (except the last line ;-) Could this be an OpenDNSSEC or an HSM problem?
After an restart, the backup files are corrupt but a full signature run completes without any problems. 

Best,
Michael
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user

Reply via email to