Not the result I was expecting! but Ill take the credit none the less!<div><br></div><div><br clear="all">Tim Dykes<br><br>H: 02 8006 2033<br>M: 041 962 0603<br>E: ttdykes at <a href="http://gmail.com">gmail.com</a><br>
<br><br><div class="gmail_quote">On Mon, Jan 31, 2011 at 11:52 PM, Jan-Piet Mens <span dir="ltr"><<a href="mailto:jpmens@gmail.com">jpmens@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Tim,<div class="im"><br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Set signer verbosity as high as possible and might see the reason the<br>
zone transfer is failing in syslog.<br>
</blockquote>
<br></div>
Well, that was certainly helpful. In a way: :)<br>
<br>
$ ods-signer verbosity 9999<br>
$ z=c1008.aa<div class="im"><br>
$ ods-ksmutil zone add --zone $z --policy pol0 -s /tmp/o/signconf/$z -i /tmp/o/unsigned/$z -o /tmp/o/signed/$z<br></div>
$ ods-control enforcer notify<br>
<br>
No changes to any configs since last reported, but increase of verbosity causes the system to AXFR the zone ???<br>
<br>
<br>
Jan 31 13:40:19 sign1 ods-signerd: received command update c1008.aa[15]<br>
Jan 31 13:40:19 sign1 ods-signerd: cmdhandler: updating signer configuration (c1008.aa)<br>
Jan 31 13:40:19 sign1 ods-signerd: zone fetcher reloaded (pid=9650)<br>
Jan 31 13:40:19 sign1 ods-signerd: read zone list file /usr/local/stow/opendnssec-1.2.0/etc/opendnssec/zonelist.xml<br>
Jan 31 13:40:19 sign1 ods-signerd: zone fetcher transferred zone c1008.aa serial 1 successfully<br>
Jan 31 13:40:19 sign1 ods-signerd: received command sign c1008.aa[13]<br>
Jan 31 13:40:19 sign1 ods-signerd: cmdhandler: not working on zone c1008.aa, updating zone list<br>
Jan 31 13:40:19 sign1 ods-signerd: cmdhandler: updating signer configuration (c1008.aa)<br>
Jan 31 13:40:19 sign1 ods-signerd: zone fetcher reloaded (pid=9650)<br>
Jan 31 13:40:19 sign1 ods-signerd: read zone list file /usr/local/stow/opendnssec-1.2.0/etc/opendnssec/zonelist.xml<br>
Jan 31 13:40:19 sign1 ods-signerd: zone fetcher reloaded (pid=9650)<br>
Jan 31 13:40:19 sign1 ods-signerd: fetch zone c1008.aa<br>
Jan 31 13:40:19 sign1 ods-signerd: read zone c1008.aa from input file adapter /tmp/o/unsigned/c1008.aa<br>
Jan 31 13:40:19 sign1 ods-signerd: zone c1008.aa set SOA TTL to 600<br>
Jan 31 13:40:19 sign1 ods-signerd: zone c1008.aa set SOA MINIMUM to 600<br>
Jan 31 13:40:20 sign1 ods-signerd: publish dnskeys to zone c1008.aa<br>
Jan 31 13:40:20 sign1 ods-signerd: zone c1008.aa set DNSKEY TTL to 3600<br>
Jan 31 13:40:20 sign1 ods-signerd: zone c1008.aa set DNSKEY TTL to 3600<br>
Jan 31 13:40:20 sign1 ods-signerd: update zone c1008.aa<br>
Jan 31 13:40:20 sign1 ods-signerd: zone c1008.aa updated to serial 2011013100<br>
Jan 31 13:40:20 sign1 ods-signerd: nsecify zone c1008.aa<br>
Jan 31 13:40:21 sign1 ods-signerd: sign zone c1008.aa<br>
----------- JP: signed c1008.aa in /tmp/o/signed/c1008.aa --------<br>
Jan 31 13:40:26 sign1 ods-signerd: zone c1008.aa signed, new serial 2011013100<br>
Jan 31 13:40:26 sign1 ods-signerd: write zone c1008.aa serial 2011013100<br>
<br>
I then set verbosity to 0, and the initial AXFR for a new zone fails.<br>
<br>
Verbosity 0 through 4 fails<br>
Verbosity 5 transfers the zone. That would appear to be a bug.<br><font color="#888888">
<br>
-JP<br>
</font></blockquote></div><br></div>