So I changed my config file to read:<div><br></div><div><NotifyListen><IPv4>213.248.208.95</IPv4><Port>53</Port></NotifyListen></div><div><br></div><div><div>Nov 6 13:06:20 test-signer1 ods-signerd: Run command: '/usr/libexec/opendnssec/zone_fetcher -c /etc/opendnssec/zonefetch.xml -z /etc/opendnssec/zonelist.xml -d -f local0'</div>
<div>Nov 6 13:06:21 OpenDNSSEC signer engine: zone fetcher started</div><div>Nov 6 13:06:21 OpenDNSSEC signer engine: zone fetcher AXFR for uk failed</div><div><br></div><div>The zonefetcher is now running but is not fetching the zone.</div>
</div><div><br></div><div>I see the following when a notify arrives:</div><div><br></div><div><div>Nov 6 13:09:20 OpenDNSSEC signer engine: zone fetcher received NOTIFY for zone uk</div><div>Nov 6 13:09:20 OpenDNSSEC signer engine: zone fetcher AXFR for uk failed</div>
<div><br></div><div>Brett</div><br><div class="gmail_quote">2009/11/6 Antti Ristimäki <span dir="ltr"><<a href="mailto:aristima@csc.fi">aristima@csc.fi</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Hi,<br>
<br>
I had previously also some problems with zone fetcher. Now I have<br>
explicitly configured the interface, on which the zone fetcher should<br>
listen for notify messages. This can be done by adding the <IPv4><br>
statement between the <NotifyListen> statements. For example:<br>
<br>
<NotifyListen><IPv4>a.b.c.d</IPv4><Port>53</Port></NotifyListen><br>
<br>
Could it be possible that you have a name server instance running on<br>
port 53? That might be the reason why zone fetcher fails to bind the<br>
interface.<br>
<br>
Regards,<br>
Antti<br>
<div class="im"><br>
On Fri, 2009-11-06 at 14:38 +0200, B C wrote:<br>
> Today is the first day that I've tried to use zonefetcher so it could be something I am doing wrong :)<br>
><br>
> I have this in my config:<br>
><br>
> <?xml version="1.0" encoding="UTF-8"?><br>
><br>
</div>> <!-- $Id: zonefetch.xml.in 1920 2009-09-30 07:49:39Z matthijs $ --><br>
<div class="im">><br>
> <ZoneFetch><br>
> <!-- where to listen for notifies --><br>
> <!-- DEFAULT: do not listen to notify on specific address --><br>
> <NotifyListen><Port>53</Port></NotifyListen><br>
><br>
> <!-- default inbound AXFR settings<br>
> (per zone setting not yet implemented) --><br>
> <Default><br>
> <!-- TSIG secret for inbound AXFR --><br>
> <!-- DEFAULT: don't use TSIG --><br>
> <TSIG><br>
</div>> <Name>secret.example.com.</Name><br>
<div class="im">><br>
> <!-- <a href="http://www.iana.org/assignments/tsig-algorithm-names" target="_blank">http://www.iana.org/assignments/tsig-algorithm-names</a> --><br>
> <Algorithm>hmac-sha256</Algorithm><br>
><br>
> <!-- base64 encoded secret --><br>
> <Secret>sw0nMPCswVbes1tmQTm1pcMmpNRK+oGMYN+qKNR/BwQ=</Secret><br>
> </TSIG><br>
><br>
> <!-- address of host to request AXFR from --><br>
> <!-- incoming NOTIFY has to match this address as well --><br>
> <!-- DEFAULT: none --><br>
> <RequestTransfer><br>
> <IPv4>213.248.208.91</IPv4><Port>53</Port><br>
> </RequestTransfer><br>
> </Default><br>
> </ZoneFetch><br>
><br>
><br>
> There is nothing using port 53 on this box but when I run ods-start I see the following in the error log:<br>
><br>
> Nov 6 12:34:30 test-signer1 ods-signerd: Run command: '/usr/libexec/opendnssec/zone_fetcher -c /etc/opendnssec/zonefetch.xml -z /etc/opendnssec/zonelist.xml -d -f local0'<br>
> Nov 6 12:34:30 OpenDNSSEC signer engine: zone fetcher started<br>
> Nov 6 12:34:30 OpenDNSSEC signer engine: zone fetcher AXFR for uk failed<br>
> Nov 6 12:34:30 OpenDNSSEC signer engine: zone fetcher can't bind UDP socket: Address already in use<br>
> Nov 6 12:34:30 OpenDNSSEC signer engine: zone fetcher failed to initialize sockets<br>
> Nov 6 12:34:30 OpenDNSSEC signer engine: zone fetcher exiting...<br>
><br>
> After this I do see:<br>
><br>
> -rw-r--r-- 1 root root 0 Nov 6 12:34 uk.axfr.29621<br>
><br>
> in<br>
><br>
> /var/opendnssec/unsigned/<br>
><br>
><br>
</div>> If I do a dig @213.248.208.91 uk axfr all is fine<br>
<div><div></div><div class="h5">><br>
><br>
> Did I miss something or is there a bug here?<br>
><br>
><br>
> Brett<br>
<br>
<br>
</div></div></blockquote></div><br></div>
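<div>The two checks discussed in this thread, as an added example that is not part of the original messages or of OpenDNSSEC: it reads a zonefetch.xml in the layout quoted above, reports the NotifyListen socket and the TSIG state, and attempts the bind that failed with "Address already in use". The function names, the sample addresses and key, and the placeholder-name heuristic are assumptions.</div>

```python
import base64, binascii, errno, socket
import xml.etree.ElementTree as ET
# Constructed sample in the layout quoted in the thread; addresses and key are placeholders.
SAMPLE = """<ZoneFetch>
  <NotifyListen><IPv4>127.0.0.1</IPv4><Port>53</Port></NotifyListen>
  <Default>
    <TSIG>
      <Name>secret.example.com.</Name>
      <Secret>Y29uc3RydWN0ZWQtc2FtcGxlLWtleQ==</Secret>
    </TSIG>
    <RequestTransfer><IPv4>192.0.2.1</IPv4><Port>53</Port></RequestTransfer>
  </Default>
</ZoneFetch>"""

def parse_zonefetch(xml_text):
    """Extract the NOTIFY listen socket, the AXFR master and TSIG findings."""
    root = ET.fromstring(xml_text)
    addr = root.findtext("NotifyListen/IPv4") or "0.0.0.0"  # no IPv4 element: wildcard
    port = int(root.findtext("NotifyListen/Port") or 53)
    findings = []
    tsig = root.find("Default/TSIG")
    if tsig is None:
        findings.append("no TSIG: inbound AXFR is unauthenticated")
    else:
        # Heuristic (assumption): a key name under example.com was copied from a template.
        if (tsig.findtext("Name") or "").strip().rstrip(".").endswith("example.com"):
            findings.append("TSIG name looks like a template placeholder")
        try:
            key = base64.b64decode(tsig.findtext("Secret") or "", validate=True)
        except binascii.Error:
            key = b""
        if not key:
            findings.append("TSIG secret is empty or not valid base64")
    master = root.findtext("Default/RequestTransfer/IPv4")
    return {"listen": (addr, port), "master": master, "findings": findings}

def bind_check(addr, port):  # UDP and TCP bind attempt; 'ok' or the errno name per protocol
    result = {}
    for label, kind in (("udp", socket.SOCK_DGRAM), ("tcp", socket.SOCK_STREAM)):
        with socket.socket(socket.AF_INET, kind) as s:
            try:
                s.bind((addr, port))
                result[label] = "ok"
            except OSError as e:
                result[label] = errno.errorcode.get(e.errno, str(e))
    return result

if __name__ == "__main__":
    print(parse_zonefetch(SAMPLE), bind_check("127.0.0.1", 53))
```

<div>Run as an unprivileged user, a bind to port 53 reports EACCES rather than EADDRINUSE, so run it with the same privileges as the signer to reproduce the logged error.</div>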