On 19 Nov 2012, at 16:32, Casper Gielen wrote:

> Hello,
> this is a little precautionary tale for anyone running OpenDNSSEC.
> tl;dr Don't make syntax errors in zonelist.xml
>
>
> Today I added a new zone to opendnssec. We manage zonelist.xml by hand
> (it's stored in SVN). Unfortunately I made a typo and deleted one
> character (a '<') somewhere in the middle of the file. Unaware of the
> typo I loaded the broken zonelist.xml (with ods-ksmutil update all).
> OpenDNSSEC promptly informed me that it was unable to parse the
> zonefile. I found my mistake and loaded the new file and didn't
> think about it anymore until 15 minutes later every alarm in our system
> went off.
>
> Every zone after my typo had been erased and was being recreated.
>
> Unfortunately I did not realize the source of the problem right away.
> With hindsight the correct solution would have been to recover the
> entire OpenDNSSEC from backup. Instead I uploaded the new keys to our
> registrar.
>
>
> feature request: Please check the configuration for syntax-errors before
> acting upon it.

Hi Casper - thanks for alerting us to this. The xml syntax is checked and this should have been caught so this is a (nasty) bug. Could you please report it at:

http://bugs.opendnssec.org/

(if you still have the logs/example zonelist.xml please attach them to the issue as that would be really useful). Also - what version of OpenDNSSEC are you running?

For future reference you can run a standalone tool called ods-kaspcheck that will check the xml files and produce logs like:

Nov 19 16:44:46 ods ods-kaspcheck: INFO: The XML in /etc/opendnssec/conf.xml is valid
Nov 19 16:44:46 ods ods-kaspcheck: INFO: The XML in /etc/opendnssec/zonelist.xml is valid
Nov 19 16:44:46 ods ods-kaspcheck: INFO: The XML in /etc/opendnssec/kasp.xml is valid

if everything is happy. These are the same checks that are (or should be!) run by OpenDNSSEC when it loads new xml files while running.

Sara.

>
> --
> Casper Gielen <[email protected]> | LIS UNIX
> PGP fingerprint = 16BD 2C9F 8156 C242 F981 63B8 2214 083C F80E 4AF7
>
> Universiteit van Tilburg | Postbus 90153, 5000 LE
> Warandelaan 2 | Telefoon 013 466 4100 | G 236 | http://www.uvt.nl
>
>
> _______________________________________________
> Opendnssec-user mailing list
> [email protected]
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
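
An added example, not part of the original thread and not OpenDNSSEC code: a pre-load guard for a hand-edited zonelist.xml that rejects a candidate file which does not parse or which would drop zones present in the deployed list. It assumes the <ZoneList>/<Zone name="..."> layout of zonelist.xml; the function names and the trimmed sample zones are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def zone_names(xml_text):
    """Return the set of zone names, or raise ValueError if the list is unusable."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise ValueError(f"not well-formed XML: {exc}") from exc
    if root.tag != "ZoneList":
        raise ValueError(f"root element is <{root.tag}>, expected <ZoneList>")
    names = set()
    for zone in root.findall("Zone"):
        name = zone.get("name")
        if not name:
            raise ValueError("<Zone> without a name attribute")
        if name in names:
            raise ValueError(f"duplicate zone {name}")
        names.add(name)
    return names

def safe_to_load(candidate_xml, deployed_xml, allow_removal=frozenset()):
    """Return (ok, reasons). Refuse a candidate that fails to parse or that
    drops zones from the deployed list without being told to."""
    try:
        new = zone_names(candidate_xml)
    except ValueError as exc:
        return False, [str(exc)]
    old = zone_names(deployed_xml)
    lost = sorted(old - new - set(allow_removal))
    if lost:
        return False, [f"zone would be removed: {z}" for z in lost]
    return True, []

# Constructed sample data: placeholder zone names, Zone bodies trimmed to <Policy>.
def make_zone(name):
    return f'<Zone name="{name}"><Policy>default</Policy></Zone>'

DEPLOYED = ("<ZoneList>" + "".join(
    make_zone(n) for n in ("a.example", "b.example", "c.example")) + "</ZoneList>")
# A new zone added, but the '<' of the second <Zone ...> was deleted by mistake.
BROKEN = DEPLOYED.replace('<Zone name="b', 'Zone name="b').replace(
    "</ZoneList>", make_zone("d.example") + "</ZoneList>")
# Well-formed, but every zone after a.example is missing.
TRUNCATED = "<ZoneList>" + make_zone("a.example") + "</ZoneList>"

if __name__ == "__main__":
    for label, doc in (("broken", BROKEN), ("truncated", TRUNCATED)):
        print(label, safe_to_load(doc, DEPLOYED))
```

A check like this can run on the SVN working copy, alongside ods-kaspcheck, before ods-ksmutil update all is invoked.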
