-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 06/21/2012 06:59 PM, Paul Wouters wrote: > On Thu, 21 Jun 2012, Matthijs Mekking wrote: > >> With what HSM backend is this? Going through the list of fixed >> issues, this sounds familiar to >> >> https://issues.opendnssec.org/browse/ODSPTHIST-294 >> >> The problem then was in SoftHSM, which was fixed in 1.1.1, so I >> guess that's not it. > > This happened with an AEP Keyper. > >> I committed a defense mechanism for this, in trunk r6449. You'll >> need ldns trunk too (the upcoming 1.6.14, which will be released >> prior to OpenDNSSEC 1.4.0). Basically what it does, is every time >> that ldns is unable to convert a RDATA into a string, the signer >> engine uses the error to prevent writing out the signed >> zone/journal files. You will see this in the logs as: >> >> ods-signerd: [adapter] unable to write zone example.com file >> /opt/opendnssec/var/opendnssec/signed/example.com: one or more >> RR print failed >> >> Please let me know how this works for you. > > That works, but could you log the rdata somehow? Or possibly have > a pointer back to a line number in the zone file?
Well, if printing the RR fails, it is unlikely that logging it will work. I do log the RRset that is failing: + log_rrset(ldns_rr_owner(rrset->rrs[i].rr), rrset->rrtype, + "error printing RRset", LOG_CRIT); > > Paul -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJP44qnAAoJEA8yVCPsQCW5swAH/i81mVd8GS+18BeILVCuY1e7 vdUYIzzN05O8BglLf2K+X0dFKFVuhDqtYk9+KWtEaLT/yyz1QHcVUTDXchHxOq/o 3ZKSHKvtQNZpdml8J4oA9RTK/2szjy0SdSFkKSj9NnQ8lRbZgSqfXd1qxC+vSgZI M4WY4QGPIC1ZqjVkDolvXgFdOu22XCuURXaU4cU32bzuwSNiYzpQP76Em7FFbLhL jKRZNR2GcsLeh+SNoq+dT2efL/whjVgH7nQOPtAAf9IbVhcG6x50XZzlUzh4L3sK d9yqKVmBn5B7yZMzpPK6PkHFodSi1M301pbWWKsm3fYNNoDGZgrOmr3iZG1T+Fw= =DQmP -----END PGP SIGNATURE----- _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
