-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 It appears that the sum of RRsets here is confusing. To avoid this, I have rephrased the error message into:
Jul 12 11:54:53 signer-01 ods-signerd: [worker[3]] sign zone ca failed: 81 RRsets failed No more reference to the total number of RRsets in the zone. Best regards, Matthijs On 07/16/2012 05:08 PM, Paul Wouters wrote: > > In a lab system we had some issues with the HSM (still pending > investigation). We saw the following in the logs: > > Jul 12 11:54:52 signer-01 ods-signerd: [hsm] sign final: > CKR_DEVICE_ERROR Jul 12 11:54:52 signer-01 ods-signerd: [hsm] sign > final: CKR_DEVICE_ERROR Jul 12 11:54:53 signer-01 ods-signerd: > [hsm] sign final: CKR_DEVICE_ERROR Jul 12 11:54:53 signer-01 > ods-signerd: [hsm] sign final: CKR_DEVICE_ERROR Jul 12 11:54:53 > signer-01 ods-signerd: [worker[3]] sign zone ca failed: 81 of > 1910549 signatures failed > > The zone involved is a large test zone with opt-in. It should only > require a handful of RRSIGs, not 1910549. I think the reporting of > this latter number is based on an assumption of no-opt-in. > > It's somewhat misleading, as I think all RRSIG generation failed, > and the message 81 out of 1910549 failed wrongly suggests some > RRSIGs were correctly generated. > > Paul _______________________________________________ > Opendnssec-user mailing list [email protected] > https://lists.opendnssec.org/mailman/listinfo/opendnssec-user -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJQDTyFAAoJEA8yVCPsQCW5ObkH/1J81N+cy108SxdOS9qwInKV iyDuPn0Zsxas4EHx3YiF5V3+ZGaPdutVqTXDR26961VWOvb56Q4V93nPLYNTFHxA jIlrw/Jn1RlDR0PsFQs629RSj9oWke9d5ueP1x1PzOtlz0W3cRxt/Ag9q/32r3Gy 7phxYlXZsE8P6+Ynuh8C8TDEjuDddok2rCdYe0XhoEWAW1gRIQW6/oiZU0ESEOJw X/THNXCqHnc95zG7H1B8YoNtM/gMVsCrkKf4VATASMPIWQKREVnF+5BWNXDZ18RG WqCVa45ZpSn9kjTSkMspmfXN4kaRHa+5YvmIQtKbmK/Sl1bv/TPAeFHGxgobiWQ= =L/Qq -----END PGP SIGNATURE----- _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
