Hi All,
I recreated my dnssec/opendnssec configuration from scratch (as far as I can tell, I used "ods-enforcer-db-setup" as described under "clear all state and start over"). However after restarting I still see the same issue that I described in August i.e. the ods-signerd crashes on startup (see below). I would be grateful for any suggestions how to proceed. Is there any additional debugging info. which I could collect that might help with analysis of the problem? Anybody out there actually using Opendnssec on OpenBSD? Thanks in advance. Yours, Robb. On 27 Aug, Robb wrote: > ... > I am attempting to setup secure DNS on an OpenBSD 6.7 system using NSD, > Unbound and Opendnssec. > > I seem to have arrived at a point where the ods-signerd daemon crashes on > startup i.e. > > # ods-signerd -dv > > OpenDNSSEC signer engine version 2.1.6 > > Bus error in ldns_rr_clone > > Threaddump > > Threaddump > > Threaddump > > Threaddump > > Threaddump > > Threaddump > > Threaddump > > Threaddump > > Threaddump > > Threaddump > > Bus error > > AFAICT no core file is dumped/written, so I can't give you a stacktrace or > other useful info. > > Also, another related issue. The RC script to manage Opendnssec reports a > status of OK even after ods-signerd has crashed i.e. > > # rcctl check opendnssec > > opendnssec(ok) > > I only realised the issue because of this "hint" in the syslog.daemon file: > > ... ods-signerd: [util] pidfile /var/run/opendnssec/signerd.pid already > > exists, but no process with pid 60272 is running. A previous instance > > didn't shutdown cleanly, this pidfile is stale. > > In the meantime it seems to have stopped logging even that message. I assume > I have made some configuration error and that that is what is triggering the > crash. I am open to helpful suggestions about what might be wrong, however > at this point I will probably reinitialise the configuration and try > starting again, from scratch. > > I have a couple of other error that get logged, I don't know if they might > somehow be related ... > > 1. At startup NSD logs this, but then seems to carry on and function > normally, at least to judge by the log messages. > > ... nsd[84130]: zonefile /var/opendnssec/signed/xxx.de does not exist > That file does exist and is readable by _nsd (the associated username). > > 2. I am also unsure what this might mean: > > ... ods-enforcerd: [signconf_cmd] unable to notify signer of signconf > > changes for zone xxx.de! > > Thanks in advance! > ... _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
