[Freeipa-users] Unable to configure DNSSEC signing

Gary T. Giesen ggiesen+freeipa-users at giesen.me
Tue May 3 10:30:23 UTC 2016


May 03 06:21:09 host.example.com systemd[1]: Stopping Berkeley Internet Name
Domain (DNS) with native PKCS#11...
May 03 06:21:09 host.example.com named-pkcs11[27047]: received control
channel command 'stop'
May 03 06:21:09 host.example.com named-pkcs11[27047]: shutting down:
flushing changes
May 03 06:21:09 host.example.com named-pkcs11[27047]: stopping command
channel on 127.0.0.1#953
May 03 06:21:09 host.example.com named-pkcs11[27047]: stopping command
channel on ::1#953
May 03 06:21:09 host.example.com named-pkcs11[27047]: zone example.com/IN
(signed): shutting down
May 03 06:21:09 host.example.com named-pkcs11[27047]: zone example.com/IN
(unsigned): shutting down
May 03 06:21:09 host.example.com named-pkcs11[27047]: no longer listening on
::#53
May 03 06:21:09 host.example.com named-pkcs11[27047]: no longer listening on
127.0.0.1#53
May 03 06:21:09 host.example.com named-pkcs11[27047]: no longer listening on
1.2.3.4#53
May 03 06:21:09 host.example.com named-pkcs11[27047]: exiting
May 03 06:21:09 host.example.com systemd[1]: Starting Berkeley Internet Name
Domain (DNS) with native PKCS#11...
May 03 06:21:09 host.example.com bash[27077]: zone localhost.localdomain/IN:
loaded serial 0
May 03 06:21:09 host.example.com bash[27077]: zone localhost/IN: loaded
serial 0
May 03 06:21:09 host.example.com bash[27077]: zone
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN:
loa
May 03 06:21:09 host.example.com bash[27077]: zone
1.0.0.127.in-addr.arpa/IN: loaded serial 0
May 03 06:21:09 host.example.com bash[27077]: zone 0.in-addr.arpa/IN: loaded
serial 0
May 03 06:21:09 host.example.com named-pkcs11[27082]: starting BIND
9.9.4-RedHat-9.9.4-29.el7_2.3 -u named
May 03 06:21:09 host.example.com named-pkcs11[27082]: built with
'--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu'
May 03 06:21:09 host.example.com named-pkcs11[27082]:
----------------------------------------------------
May 03 06:21:09 host.example.com named-pkcs11[27082]: BIND 9 is maintained
by Internet Systems Consortium,
May 03 06:21:09 host.example.com named-pkcs11[27082]: Inc. (ISC), a
non-profit 501(c)(3) public-benefit
May 03 06:21:09 host.example.com named-pkcs11[27082]: corporation.  Support
and training for BIND 9 are
May 03 06:21:09 host.example.com named-pkcs11[27082]: available at
https://www.isc.org/support
May 03 06:21:09 host.example.com named-pkcs11[27082]:
----------------------------------------------------
May 03 06:21:09 host.example.com named-pkcs11[27082]: adjusted limit on open
files from 4096 to 1048576
May 03 06:21:09 host.example.com named-pkcs11[27082]: found 4 CPUs, using 4
worker threads
May 03 06:21:09 host.example.com named-pkcs11[27082]: using 4 UDP listeners
per interface
May 03 06:21:09 host.example.com named-pkcs11[27082]: using up to 4096
sockets
May 03 06:21:09 host.example.com named-pkcs11[27082]: loading configuration
from '/etc/named.conf'
May 03 06:21:09 host.example.com named-pkcs11[27082]: reading built-in
trusted keys from file '/etc/named.iscdlv.key'
May 03 06:21:09 host.example.com named-pkcs11[27082]: using default UDP/IPv4
port range: [1024, 65535]
May 03 06:21:09 host.example.com named-pkcs11[27082]: using default UDP/IPv6
port range: [1024, 65535]
May 03 06:21:09 host.example.com named-pkcs11[27082]: listening on IPv6
interfaces, port 53
May 03 06:21:09 host.example.com named-pkcs11[27082]: listening on IPv4
interface lo, 127.0.0.1#53
May 03 06:21:09 host.example.com named-pkcs11[27082]: listening on IPv4
interface eth0, 1.2.3.4#53
May 03 06:21:09 host.example.com named-pkcs11[27082]: generating session key
for dynamic DNS
May 03 06:21:09 host.example.com named-pkcs11[27082]: sizing zone task pool
based on 6 zones
May 03 06:21:09 host.example.com named-pkcs11[27082]: /etc/named.conf:12: no
forwarders seen; disabling forwarding
May 03 06:21:09 host.example.com named-pkcs11[27082]: set up managed keys
zone for view _default, file '/var/named/dynamic/managed-
May 03 06:21:09 host.example.com named-pkcs11[27082]: bind-dyndb-ldap
version 8.0 compiled at 15:16:02 Nov 20 2015, compiler 4.8.5 
May 03 06:21:09 host.example.com named-pkcs11[27082]: option
'serial_autoincrement' is not supported, ignoring
May 03 06:21:09 host.example.com named-pkcs11[27082]: GSSAPI client step 1
May 03 06:21:09 host.example.com named-pkcs11[27082]: GSSAPI client step 1
May 03 06:21:09 host.example.com named-pkcs11[27082]: GSSAPI client step 1
May 03 06:21:10 host.example.com named-pkcs11[27082]: GSSAPI client step 2
May 03 06:21:10 host.example.com named-pkcs11[27082]: GSSAPI client step 1
May 03 06:21:10 host.example.com named-pkcs11[27082]: GSSAPI client step 1
May 03 06:21:10 host.example.com named-pkcs11[27082]: GSSAPI client step 1
May 03 06:21:10 host.example.com named-pkcs11[27082]: GSSAPI client step 2
May 03 06:21:10 host.example.com named-pkcs11[27082]: LDAP instance 'ipa' is
being synchronized, please ignore message 'all zones l
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
10.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
16.172.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
17.172.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
18.172.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
19.172.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
20.172.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
21.172.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
22.172.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
23.172.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
24.172.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
25.172.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
26.172.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
27.172.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
28.172.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
29.172.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
30.172.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
31.172.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
168.192.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
64.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
65.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
66.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
67.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
68.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
69.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
70.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
71.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
72.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
73.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
74.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
75.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
76.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
77.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
78.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
79.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
80.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
81.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
82.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
83.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
84.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
85.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
86.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
87.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
88.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
89.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
90.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
91.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
92.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
93.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
94.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
95.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
96.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
97.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
98.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
99.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
100.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
101.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
102.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
103.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
104.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
105.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
106.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
107.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
108.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
109.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
110.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
111.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
112.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
113.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
114.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
115.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
116.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
117.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
118.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
119.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
120.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
121.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
122.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
123.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
124.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
125.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
126.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
127.100.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
127.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
254.169.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
2.0.192.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
100.51.198.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
113.0.203.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
255.255.255.255.IN-ADDR.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
D.F.IP6.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
8.E.F.IP6.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
9.E.F.IP6.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
A.E.F.IP6.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
B.E.F.IP6.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: automatic empty zone:
8.B.D.0.1.0.0.2.IP6.ARPA
May 03 06:21:10 host.example.com named-pkcs11[27082]: /etc/named.conf:12: no
forwarders seen; disabling forwarding
May 03 06:21:10 host.example.com named-pkcs11[27082]: command channel
listening on 127.0.0.1#953
May 03 06:21:10 host.example.com named-pkcs11[27082]: command channel
listening on ::1#953
May 03 06:21:11 host.example.com named-pkcs11[27082]: managed-keys-zone:
loaded serial 93
May 03 06:21:11 host.example.com named-pkcs11[27082]: zone
0.in-addr.arpa/IN: loaded serial 0
May 03 06:21:11 host.example.com named-pkcs11[27082]: zone
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa
May 03 06:21:11 host.example.com named-pkcs11[27082]: zone
1.0.0.127.in-addr.arpa/IN: loaded serial 0
May 03 06:21:11 host.example.com named-pkcs11[27082]: zone
localhost.localdomain/IN: loaded serial 0
May 03 06:21:11 host.example.com named-pkcs11[27082]: zone localhost/IN:
loaded serial 0
May 03 06:21:11 host.example.com named-pkcs11[27082]: all zones loaded
May 03 06:21:11 host.example.com named-pkcs11[27082]: running
May 03 06:21:11 host.example.com systemd[1]: Started Berkeley Internet Name
Domain (DNS) with native PKCS#11.
May 03 06:21:11 host.example.com named-pkcs11[27082]: zone example.com/IN
(unsigned): loaded serial 1462270871
May 03 06:21:11 host.example.com named-pkcs11[27082]: zone example.com/IN
(signed): loaded serial 1462270871
May 03 06:21:11 host.example.com named-pkcs11[27082]: zone example.com/IN
(signed): receive_secure_serial: unchanged
May 03 06:21:11 host.example.com named-pkcs11[27082]: zone example.com/IN
(signed): loaded serial 1462270871
May 03 06:21:11 host.example.com named-pkcs11[27082]: zone example.com/IN
(signed): reconfiguring NSEC3PARAM to '0 0 0 00'
May 03 06:21:11 host.example.com named-pkcs11[27082]: 1 master zones from
LDAP instance 'ipa' loaded (1 zones defined, 0 inactive, 
May 03 06:21:11 host.example.com named-pkcs11[27082]: zone example.com/IN
(signed): reconfiguring zone keys
May 03 06:21:11 host.example.com named-pkcs11[27082]: zone example.com/IN
(signed): next key event: 03-May-2016 07:21:11.049


Cheers,

GTG

-----Original Message-----
From: Martin Basti [mailto:mbasti at redhat.com] 
Sent: May-03-16 4:06 AM
To: Gary T. Giesen <ggiesen+freeipa-users at giesen.me>;
freeipa-users at redhat.com
Subject: Re: [Freeipa-users] Unable to configure DNSSEC signing


Hello,

Can you please check journalctl -u named-pkcs11?

Martin



