Hi, I am trying to add DNSSEC, but when I enable it, it doesn't generate any DS-Data, and if I leave it on, my site also goes down because of an invalid DNSSEC record. I'm completely lost as to why this happens. I only know that on my old Debian 9 server (Manual Install Instruction) everything worked fine. Below is the error log I got:

Code:
23.09.2022-13:05 - DEBUG [plugins.inc:118] - Calling function 'soa_update' from plugin 'bind_plugin' raised by event 'dns_soa_update'.
23.09.2022-13:05 - DEBUG [system.inc:2399] - safe_exec cmd: named-checkzone 'bananas.com.' '/etc/bind/pri.bananas.com' - return code: 0
23.09.2022-13:05 - DEBUG [bind plugin.inc:346] - Writing BIND domain file: /etc/bind/pri.bananas.com
23.09.2022-13:05 - DEBUG [bind plugin.inc:374] - DNSSEC Algorithm has changed: ECDSAP256SHA256
23.09.2022-13:05 - WARNING - DNSSEC ERROR: We are low on entropy. Not generating new Keys for bananas.com. Please consider installing package haveged.
23.09.2022-13:05 - DEBUG [bind plugin.inc:592] - Writing BIND named.conf.local file: /etc/bind/named.conf.local
23.09.2022-13:05 - DEBUG [modules.inc:240] - Processed datalog_id 526
23.09.2022-13:05 - DEBUG [services.inc:56] - Calling function 'restartBind' from module 'dns_module'.
23.09.2022-13:05 - DEBUG [system.inc:2082] - Trying to use Systemd to restart service
23.09.2022-13:05 - DEBUG [system.inc:2399] - safe_exec cmd: systemctl is-enabled 'named' 2>&1 - return code: 0

But everything looks fine with the HAVEGE service.
Code:
root@server1:~# systemctl status haveged
● haveged.service - Entropy Daemon based on the HAVEGE algorithm
     Loaded: loaded (/lib/systemd/system/haveged.service; enabled; vendor preset: enabled)
     Active: active (running) since Fri 2022-09-23 14:41:25 UTC; 17min ago
       Docs: man:haveged(8)
             http://www.issihosts.com/haveged/
   Main PID: 330 (haveged)
      Tasks: 1 (limit: 9508)
     Memory: 4.0M
        CPU: 247ms
     CGroup: /system.slice/haveged.service
             └─330 /usr/sbin/haveged --Foreground --verbose=1

Sep 23 14:41:25 server1 systemd[1]: Started Entropy Daemon based on the HAVEGE algorithm.
Sep 23 14:41:25 server1 haveged[330]: haveged: command socket is listening at fd 3
Sep 23 14:41:26 server1 haveged[330]: haveged: ver: 1.9.14; arch: x86; vend: ; build: (gcc 10.2.1 ITV); collect: 12>
Sep 23 14:41:26 server1 haveged[330]: haveged: cpu: (VC); data: 64K (V); inst: 64K (V); idx: 39/40; sz: 54019/54019
Sep 23 14:41:26 server1 haveged[330]: haveged: tot tests(BA8): A:1/1 B:1/1 continuous tests(B): last entropy estim>
Sep 23 14:41:26 server1 haveged[330]: haveged: fills: 0, generated: 0

That's a known issue that has already been fixed in the dev branch; it happens on systems with low entropy only. See here for the fix:

https://git.ispconfig.org/ispconfig/ispconfig3/-/commit/821b16a4c56fe3cd5e81f0d2d3eb8679e3def0f1

This is not related to the auto-installer, by the way; it also does not work on systems with low entropy that were installed using the manual instructions, as it is caused by changes in Debian, and we had to provide a workaround for these changes.

Damn, I really run into every bug roadblock. After I manually edited this code line, everything worked again. Thanks a lot.

I also found an option that I thought ISPConfig never had. After 3 years I found that ISPConfig has a DNS Zone Export function. I think it would be a good idea to enable this option by default: System -> Main Config -> DNS -> Show zone export