On 16.08.19 at 20:36, Berry A.W. van Halderen wrote:
> On 8/16/19 6:21 PM, Ulrich-Lorenz Schlüter wrote:
>> I checked perms as described.
>> Turned up logging verbosity.
>> "ods-ksmutil key list --verbose" does not spit out any keys.
>>
>
> Did you perform the upgrade steps to get to 1.4.14? Were there
> any anomalies?
> If ods-ksmutil does not list keys, but there are no errors either
> then I would suspect problems there. However if you increased logging
> level there should be more explanatory help in the logging. Perhaps
> in the syslog configuration these are repressed, or they end up in a
> different log file.
>
> You can also try the command "ods-hsmutil list" to list keys. The
> ods-ksmutil lists keys as known to OpenDNSSEC, ods-hsmutil lists keys
> as found in the HSM.

I migrated to Fedora 30 aarch64 as upgrading on CentOS seemed too much of a hassle.

By now ods-ksmutil and ods-hsmutil both list keys.

OpenDNSSEC is missing files in the /var/opendnssec/signed and /var/opendnssec/unsigned folder.

Aug 17 10:54:55 one ods-signerd[5550]: [netio] no events before the minimum timeout expired
Aug 17 10:54:55 one ods-signerd[5550]: [xfrd] zone sycosys.de timeout
Aug 17 10:54:55 one ods-signerd[5550]: [xfrd] zone sycosys.de make request [udp round 0 master 127.0.0.1:53]
Aug 17 10:54:55 one ods-signerd[5550]: [domain] tsig sign query with key: opendnssec-in.
Aug 17 10:54:55 one ods-signerd[5550]: [domain] tsig sign query with algorithm: hmac-md5.sig-alg.reg.int.
Aug 17 10:54:55 one ods-signerd[5550]: [xfrd] tsig append rr to request id=35511
Aug 17 10:54:55 one ods-signerd[5550]: [xfrd] zone sycosys.de request udp/ixfr=1565763800 to 127.0.0.1
Aug 17 10:54:55 one ods-signerd[5550]: [xfrd] send 186 bytes over udp to 127.0.0.1
Aug 17 10:54:55 one ods-signerd[5550]: [xfrhandler] netio dispatch
Aug 17 10:54:55 one ods-signerd[5550]: [xfrd] zone sycosys.de event udp read
Aug 17 10:54:55 one ods-signerd[5550]: [xfrd] zone sycosys.de sets timer timeout now
Aug 17 10:54:55 one ods-signerd[5550]: [xfrd] zone sycosys.de read data from udp
Aug 17 10:54:55 one ods-signerd[5550]: [xfrd] zone sycosys.de got update indicating current serial 1565763800 from 127.0.0.1
Aug 17 10:54:55 one ods-signerd[5550]: [xfrd] zone sycosys.de sets timer timeout refresh 3600
Aug 17 10:54:55 one ods-signerd[5550]: [xfrd] zone sycosys.de wait refresh time
Aug 17 10:54:55 one ods-signerd[5550]: [xfrd] zone sycosys.de xfr packet parsed (res 5)
Aug 17 10:54:55 one ods-signerd[5550]: [xfrd] xfr/newlease from 127.0.0.1
Aug 17 10:54:55 one ods-signerd[5550]: [xfrhandler] netio dispatch
Aug 17 10:55:59 one ods-signerd[5550]: [socket] incoming udp message
Aug 17 10:55:59 one ods-signerd[5550]: [tsig] parse: not TSIG or not ANY
Aug 17 10:55:59 one ods-signerd[5550]: [tsig] parse: not TSIG or not ANY
Aug 17 10:55:59 one ods-signerd[5550]: [query] too many additional rrs
Aug 17 10:55:59 one ods-signerd[5550]: [query] formerr
Aug 17 10:55:59 one ods-signerd[5550]: [socket] query processed qstate=0
Aug 17 10:55:59 one ods-signerd[5550]: [query] add edns opt ok
Aug 17 10:55:59 one ods-signerd[5550]: [socket] sending 144 bytes over udp
Aug 17 10:55:59 one ods-signerd[5550]: [dnshandler] netio dispatch
Aug 17 10:56:50 one ods-enforcerd[5540]: HSM connection open.
Aug 17 10:56:50 one ods-enforcerd[5540]: Reading config "/etc/opendnssec/conf.xml"
Aug 17 10:56:50 one ods-enforcerd[5540]: Reading config schema "/usr/share/opendnssec/conf.rng"
Aug 17 10:56:50 one ods-enforcerd[5540]: Communication Interval: 3600
Aug 17 10:56:50 one ods-enforcerd[5540]: No DS Submit command supplied
Aug 17 10:56:50 one ods-enforcerd[5540]: SQLite database set to: /var/opendnssec/kasp.db
Aug 17 10:56:50 one ods-enforcerd[5540]: Log User set to: local0
Aug 17 10:56:50 one ods-enforcerd[5540]: Switched log facility to: local0
Aug 17 10:56:50 one ods-enforcerd[5540]: Connecting to Database...
Aug 17 10:56:50 one ods-enforcerd[5540]: Policy default found.
Aug 17 10:56:50 one ods-enforcerd[5540]: Key sharing is Off.
Aug 17 10:56:50 one ods-enforcerd[5540]: 2 zone(s) found on policy "default"
Aug 17 10:56:50 one ods-enforcerd[5540]: No new KSKs need to be created.
Aug 17 10:56:50 one ods-enforcerd[5540]: No new ZSKs need to be created.
Aug 17 10:56:50 one ods-enforcerd[5540]: Purging keys...
Aug 17 10:56:50 one ods-enforcerd[5540]: zonelist filename set to /etc/opendnssec/zonelist.xml.
Aug 17 10:56:50 one ods-enforcerd[5540]: Zone sycosys.de found.
Aug 17 10:56:50 one ods-enforcerd[5540]: Policy for sycosys.de set to default.
Aug 17 10:56:50 one ods-enforcerd[5540]: Config will be output to /var/opendnssec/signconf/sycosys.de.xml.
Aug 17 10:56:50 one ods-enforcerd[5540]: WARNING: New KSK has reached the ready state; please submit the DS for sycosys.de and use ods-ksmutil key ds-seen when the DS appears in the DNS.
Aug 17 10:56:50 one ods-enforcerd[5540]: No change to: /var/opendnssec/signconf/sycosys.de.xml
Aug 17 10:56:50 one ods-enforcerd[5540]: Zone schlueter.family found.
Aug 17 10:56:50 one ods-enforcerd[5540]: Policy for schlueter.family set to default.
Aug 17 10:56:50 one ods-enforcerd[5540]: Config will be output to /var/opendnssec/signconf/schlueter.family.xml.
Aug 17 10:56:50 one ods-enforcerd[5540]: WARNING: New KSK has reached the ready state; please submit the DS for schlueter.family and use ods-ksmutil key ds-seen when the DS appears in the DNS.
Aug 17 10:56:50 one ods-enforcerd[5540]: No change to: /var/opendnssec/signconf/schlueter.family.xml
Aug 17 10:56:50 one ods-enforcerd[5540]: Disconnecting from Database...
Aug 17 10:56:50 one ods-enforcerd[5540]: Sleeping for 3600 seconds.
Aug 17 10:57:04 one ods-signerd[5550]: [socket] incoming udp message
Aug 17 10:57:04 one ods-signerd[5550]: [tsig] parse: not TSIG or not ANY
Aug 17 10:57:04 one ods-signerd[5550]: [tsig] parse: not TSIG or not ANY
Aug 17 10:57:04 one ods-signerd[5550]: [query] too many additional rrs
Aug 17 10:57:04 one ods-signerd[5550]: [query] formerr
Aug 17 10:57:04 one ods-signerd[5550]: [socket] query processed qstate=0
Aug 17 10:57:04 one ods-signerd[5550]: [query] add edns opt ok
Aug 17 10:57:04 one ods-signerd[5550]: [socket] sending 138 bytes over udp
Aug 17 10:57:04 one ods-signerd[5550]: [dnshandler] netio dispatch
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
