[Opendnssec-user] Issues after adding new zone
Emil Landström
2018-09-19 14:41:07 UTC
Hi,

I'm running into an issue after having added a new zone with the command:

ods-ksmutil zone add -z example.domain.com -p policyname -i /zone/file/directory/unsigned/db.example.domain.com -o /zone/file/directory/signed/db.example.domain.com

I can see that KSK and ZSK have been generated for the new zone when I run ods-ksmutil key list -v, but when I try to run ods-signer sign example.domain.com I get an error message:

Unable to connect to engine: connect() failed: No such file or directory

After adding the new zone I also get this same error message while trying to sign an old existing zone. Before I added the new zone I was able to sign the old one without errors but now it doesn't work anymore. Any ideas as to what could be wrong?

//Emil Landström


Abdulkareem H. Ali
2018-09-20 09:08:27 UTC
Hi Emil,
Post by Emil Landström
I can see that KSK and ZSK have been generated for the new zone when I
run ods-ksmutil key list -v,


This suggests that ods-enforcerd has generated the required keys as
intended, which is good.
Post by Emil Landström
but when I try to run ods-signer sign example.domain.com I get an error
Unable to connect to engine: connect() failed: No such file or directory

This indicates that ods-signerd isn't running or something is blocking it.
Are other signing operations running as intended?

AFAIK, one thing the ods-enforcerd issues after it generates new keys
for a zone is 'ods-signer update ZONE'. This will update the signconf
file for the zone with the new key details. Do you see that file correctly
or not?

It usually sits in /var/opendnssec/signconf/ZONE.conf


Also I'm sure you tried restarting ods-signerd at least once, right?

Kareem.
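
The checks suggested in the reply above, collected into one script as an added example (not part of the original thread and not OpenDNSSEC's own tooling). The socket path is an assumed default that should be confirmed in conf.xml, the signconf directory is the one named in the reply, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: triage for "Unable to connect to engine: connect() failed".
# SOCK is an assumed default; confirm it against the Signer section of conf.xml.
SOCK="${SOCK:-/var/run/opendnssec/engine.sock}"
# Directory named in the reply above.
SIGNCONF_DIR="${SIGNCONF_DIR:-/var/opendnssec/signconf}"

# State of the signer command socket path:
#   missing    - nothing there; connect() fails with "No such file or directory"
#   not-socket - path exists but is not a Unix socket
#   socket     - socket exists (it can still be stale if the daemon died)
socket_state() {
    if [ ! -e "$1" ]; then echo missing
    elif [ ! -S "$1" ]; then echo not-socket
    else echo socket
    fi
}

# State of the per-zone signconf file: missing, empty or present.
signconf_state() {
    f="$1/$2.conf"
    if [ ! -e "$f" ]; then echo missing
    elif [ ! -s "$f" ]; then echo empty
    else echo present
    fi
}

# True when a process named exactly ods-signerd exists.
signerd_running() {
    pgrep -x ods-signerd >/dev/null 2>&1
}

# Print one status line for a zone, plus a hint for the common combinations.
diagnose() {
    s=$(socket_state "$SOCK")
    c=$(signconf_state "$SIGNCONF_DIR" "$1")
    if signerd_running; then p=running; else p=stopped; fi
    echo "socket=$s signconf=$c signerd=$p"
    case "$s/$p" in
        missing/stopped) echo "hint: ods-signerd is not running; start it and check its log output" ;;
        missing/running) echo "hint: daemon is up but the socket is elsewhere; compare conf.xml" ;;
        socket/stopped)  echo "hint: stale socket; connect() would say 'Connection refused'" ;;
    esac
    if [ "$c" != present ]; then echo "hint: no usable signconf for $1"; fi
}

if [ $# -gt 0 ]; then diagnose "$1"; fi
```

Run it with the zone name as the only argument; set SOCK or SIGNCONF_DIR in the environment if the installation uses other paths.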