Hi Paul, Please attach all logs and such to https://issues.opendnssec.org/browse/SUPPORT-22 .
Cheers /Jerry On 5 mar 2012, at 18:20, Paul Wouters <[email protected]> wrote: > > Hi, > > I'm seeing these kind of errors now: > > Mar 4 03:26:10 nohats ods-auditor[1377]: openswan.net : NSEC3PARAM has wrong > salt : should be 715e22f77cc2f0d7 but was e08d8fa4ddb9e519 > > This is happening for 12 out of 18 domains on this particular server. > opendnssec running was 1.3.6. no recent changes to binaries or config > files. > > After running ods-control stop and moving the /var/opendnssec/tmp/ files > out of the way, and running ods-control start, everything got signed > again properly. > > Looking at one set that broke, openswan.net: > > openswan.net.backup: > > ;ODSSE2 > ;;Zone: name openswan.net class 1 ttl 3600 inbound 2012012908 internal > 2012013005 outbound 2012013005 > ;;Task: when 1330852177 what 4 interrupt 0 halted 0 backoff 0 flush 0 > ;;Signconf: lastmod 1330794270 resign PT7200S refresh PT259200S valid > PT604800S denial PT604800S jitter PT43200S offset PT3600S nsec 50 dnskeyttl > PT3600S soattl PT3600S soamin PT3600S serial unixtime audit 1 > ;; > ;;Nsec3parameters: salt 715e22f77cc2f0d7 algorithm 1 optout 0 iterations 5 > openswan.net. 3600 IN NSEC3PARAM 1 0 5 715e22f77cc2f0d7 > ;;Nsec3done > > openswan.net.finalized: > > openswan.net. 3600 IN NSEC3PARAM 1 0 5 715e22f77cc2f0d7 > > Note that in the currently just signed zone, the NSEC3PARAM is > 715e22f77cc2f0d7. I did not find a reference to e08d8fa4ddb9e519 > > The tmp directory and system logs are available to developers if needed, > > Paul > > _______________________________________________ > Opendnssec-user mailing list > [email protected] > https://lists.opendnssec.org/mailman/listinfo/opendnssec-user _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
