[Freeipa-users] Is this a bigger Problem DNSSEC ?

Günther J. Niederwimmer gjn at gjn.priv.at
Tue Oct 25 13:49:27 UTC 2016 

Hello,

FreeIPA 4.3.1
CentOS 7.2


I found today in /var/log/messages this entries 

Is the DNSSEC now broken ?

Thanks for a answer

ct 25 15:41:29 ipa ipa-dnskeysyncd: Traceback (most recent call last):
Oct 25 15:41:29 ipa ipa-dnskeysyncd: File "/usr/libexec/ipa/ipa-dnskeysyncd", 
line 112, in <module>
Oct 25 15:41:29 ipa ipa-dnskeysyncd: while 
ldap_connection.syncrepl_poll(all=1, msgid=ldap_search):
Oct 25 15:41:29 ipa ipa-dnskeysyncd: File "/usr/lib64/python2.7/site-
packages/ldap/syncrepl.py", line 405, in syncrepl_poll
Oct 25 15:41:29 ipa ipa-dnskeysyncd: self.syncrepl_refreshdone()
Oct 25 15:41:29 ipa ipa-dnskeysyncd: File "/usr/lib/python2.7/site-
packages/ipapython/dnssec/keysyncer.py", line 118, in syncrepl_refreshdone
Oct 25 15:41:29 ipa ipa-dnskeysyncd: self.bindmgr.sync(self.dnssec_zones)
Oct 25 15:41:29 ipa ipa-dnskeysyncd: File "/usr/lib/python2.7/site-
packages/ipapython/dnssec/bindmgr.py", line 209, in sync
Oct 25 15:41:29 ipa ipa-dnskeysyncd: self.sync_zone(zone)
Oct 25 15:41:29 ipa ipa-dnskeysyncd: File "/usr/lib/python2.7/site-
packages/ipapython/dnssec/bindmgr.py", line 182, in sync_zone
Oct 25 15:41:29 ipa ipa-dnskeysyncd: self.install_key(zone, uuid, attrs, 
tempdir)
Oct 25 15:41:29 ipa ipa-dnskeysyncd: File "/usr/lib/python2.7/site-
packages/ipapython/dnssec/bindmgr.py", line 117, in install_key
Oct 25 15:41:29 ipa ipa-dnskeysyncd: result = ipautil.run(cmd, 
capture_output=True)
Oct 25 15:41:29 ipa ipa-dnskeysyncd: File "/usr/lib/python2.7/site-
packages/ipapython/ipautil.py", line 479, in run
Oct 25 15:41:29 ipa ipa-dnskeysyncd: raise CalledProcessError(p.returncode, 
arg_string, str(output))
Oct 25 15:41:29 ipa ipa-dnskeysyncd: subprocess.CalledProcessError: Command 
'/usr/sbin/dnssec-keyfromlabel-pkcs11 -K /var/named/dyndb-
ldap/ipa/master/4gjn.com/tmppaO_R2 -a RSASHA256 -l 
pkcs11:object=d7fe5c98d5f3f89aefb9e8dfb92ebcb1;pin-
source=/var/lib/ipa/dnssec/softhsm_pin -I 20160811091542 -D 20160825225503 -P 
20160513081600 -A 20160513081600 4gjn.com.' returned non-zero exit status 1
Oct 25 15:41:30 ipa systemd: ipa-dnskeysyncd.service: main process exited, 
code=exited, status=1/FAILURE
Oct 25 15:41:30 ipa systemd: Unit ipa-dnskeysyncd.service entered failed 
state.
Oct 25 15:41:30 ipa systemd: ipa-dnskeysyncd.service failed.

-- 
mit freundlichen Grüßen / best regards,

  Günther J. Niederwimmer

More information about the Freeipa-users mailing list