[Pkg-dns-devel] Bug#812520: dnssec-tools: needs to restart rollerd after logrotate

root martin at uni-mainz.de
Sun Jan 24 16:10:51 UTC 2016 

Package: dnssec-tools
Version: 2.2-2
Severity: normal

rollerd needs to be restarted after daily logrotate. 
Otherwise it does not reopen the logfile:

lsof -p :3932

rollerd 3932 root    3w   REG              253,0   218678 2222675 /var/log/dnssec-tools/rollerd.log.1 (deleted)

Please apply the followin patch:

--- /etc/logrotate.d/dnssec-tools~      2012-06-28 12:25:41.000000000 +0200
+++ /etc/logrotate.d/dnssec-tools       2015-05-27 09:17:58.750990311 +0200
@@ -3,4 +3,7 @@
        weekly
        compress
        missingok
+       postrotate
+               /etc/init.d/rollerd restart > /dev/null
+       endscript
 }


-- System Information:
Debian Release: 8.3
  APT prefers stable-updates
  APT policy: (600, 'stable-updates'), (600, 'stable'), (60, 'oldstable-updates'), (60, 'oldstable'), (50, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages dnssec-tools depends on:
ii  bind9utils                     1:9.9.5.dfsg-9+deb8u5
ii  libmailtools-perl              2.13-1
ii  libnet-dns-perl                0.81-2
ii  libnet-dns-sec-perl            0.21-1
ii  libnet-dns-zonefile-fast-perl  1.24-1
ii  libtimedate-perl               2.3000-2
ii  perl                           5.20.2-3+deb8u3

Versions of packages dnssec-tools recommends:
ii  bind9    1:9.9.5.dfsg-9+deb8u5
ii  perl-tk  1:804.032-3+b3

dnssec-tools suggests no packages.

-- Configuration Files:
/etc/default/rollerd changed:
DAEMON_OPTS="-rrfile /etc/bind/all.rollrec -directory /etc/bind"
cd /etc/bind

/etc/dnssec-tools/dnssec-tools.conf changed:
admin-email     root at localhost
keyarch		/usr/sbin/keyarch
rollchk		/usr/sbin/rollchk
zonesigner	/usr/sbin/zonesigner
keygen		/usr/sbin/dnssec-keygen
rndc		/usr/sbin/rndc
zonecheck	/usr/sbin/named-checkzone
zonesign	/usr/sbin/dnssec-signzone
algorithm	rsasha256
ksklength	2048
zsklength	1024
random		/dev/urandom
usensec3        yes
nsec3iter       100
nsec3salt       random:64
nsec3optout     yes
endtime		+2592000		# RRSIGs good for thirty days.
lifespan-max	94608000
lifespan-min	3600
ksklife		15768000
zsklife		604800
archivedir	/var/lib/dnssec-tools/archive
entropy_msg	1
savekeys	1
kskcount	1
zskcount	1
roll_loadzone   1
roll_logfile    /var/log/dnssec-tools/rollerd.log
roll_loglevel   tmi
roll_phasemsg   long
roll_sleeptime  3600
zone_errors	5
log_tz		gmt
tacontact	
tasmtpserver	localhost
taresolvconf	localhost
tatmpdir	/var/run/dnssec-tools/trustman
usegui		0

/etc/dnssec-tools/dnssec-tools.rollrec changed:
skip "info rollrec"
	version		"2"


-- no debconf information

More information about the pkg-dns-devel mailing list