<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="text/html; charset=gb2312" http-equiv=Content-Type>
<STYLE>
BLOCKQUOTE {
MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px; MARGIN-LEFT: 2em
}
OL {
MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px
}
UL {
MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px
}
P {
MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px
}
BODY {
LINE-HEIGHT: 1.5; FONT-FAMILY: 宋体; COLOR: #000000; FONT-SIZE: 10.5pt
}
</STYLE>
<META name=GENERATOR content="MSHTML 8.00.6001.18702"></HEAD>
<BODY style="MARGIN: 10px">
<DIV>Hi all,</DIV>
<DIV style="TEXT-INDENT: 2em">I'm testing OpenDNSSEC 1.4 now. The work I have
done is to get the zone file created from the database, then let
OpenDNSSEC (192.168.1.24) sign it, and finally send it to another
server (192.168.1.25) equipped with BIND and let BIND reload the signed zone
file.</DIV>
<DIV style="TEXT-INDENT: 2em">But I have not succeeded yet. My configuration
files are as follows (I did not use Inbound in addns.xml, only Outbound,
so I left Inbound unchanged):</DIV>
<DIV style="TEXT-INDENT: 2em">addns.xml</DIV>
<DIV style="TEXT-INDENT: 2em">....</DIV>
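<DIV style="TEXT-INDENT: 2em">
<DIV>&lt;Adapter&gt;</DIV>
<DIV>&nbsp;&nbsp;&lt;DNS&gt;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&lt;TSIG&gt;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;Name&gt;secret.example.com&lt;/Name&gt;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;!-- http://www.iana.org/assignments/tsig-algorithm-names --&gt;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;Algorithm&gt;hmac-md5&lt;/Algorithm&gt;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;!-- base64 encoded secret --&gt;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;Secret&gt;L19PntmGH8OTnYQd+nNk+g==&lt;/Secret&gt;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&lt;/TSIG&gt;</DIV>
<DIV>&nbsp;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&lt;Inbound&gt;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;!-- Address of host to request XFR from --&gt;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;RequestTransfer&gt;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;!-- EXAMPLE: send request to 1.2.3.4 on the default port 53 --&gt;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;Remote&gt;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;Address&gt;1.2.3.4&lt;/Address&gt;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;/Remote&gt;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;!-- EXAMPLE: send request to dead:beef::1 on port 5353, TSIG signed with secret.example.com --&gt;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;Remote&gt;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;Address&gt;dead:beef::1&lt;/Address&gt;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;Port&gt;5353&lt;/Port&gt;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;Key&gt;secret.example.com&lt;/Key&gt;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;/Remote&gt;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;/RequestTransfer&gt;</DIV>
<DIV>&nbsp;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;!-- Allow NOTIFY messages from host --&gt;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;AllowNotify&gt;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;!-- EXAMPLE: allow notifies from 1.2.3.4 --&gt;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;Peer&gt;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;Prefix&gt;1.2.3.4&lt;/Prefix&gt;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;/Peer&gt;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;/AllowNotify&gt;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&lt;/Inbound&gt;</DIV>
<DIV>&nbsp;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&lt;Outbound&gt;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;!-- Provide XFR to host --&gt;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;ProvideTransfer&gt;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;!-- EXAMPLE: provide XFR to 1.2.3.5 with key secret.example.com --&gt;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;Peer&gt;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;Prefix&gt;192.168.1.25&lt;/Prefix&gt;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;Key&gt;secret.example.com&lt;/Key&gt;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;/Peer&gt;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;/ProvideTransfer&gt;</DIV>
<DIV>&nbsp;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;!-- Send NOTIFY messages to host --&gt;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;Notify&gt;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;!-- EXAMPLE: send NOTIFY to 1.2.3.5 on the default port 53 --&gt;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;Remote&gt;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;Address&gt;192.168.1.25&lt;/Address&gt;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;/Remote&gt;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;/Notify&gt;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&lt;/Outbound&gt;</DIV>
<DIV>&nbsp;&nbsp;&lt;/DNS&gt;</DIV></DIV>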
<DIV style="TEXT-INDENT: 2em">....</DIV>
<DIV style="TEXT-INDENT: 2em">zonelist.xml</DIV>
<DIV style="TEXT-INDENT: 2em">....</DIV>
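<DIV style="TEXT-INDENT: 2em">
<DIV>&nbsp;&nbsp;&lt;Zone name="example.com"&gt;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&lt;Policy&gt;default&lt;/Policy&gt;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&lt;SignerConfiguration&gt;/var/opendnssec/signconf/example.com.xml&lt;/SignerConfiguration&gt;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&lt;Adapters&gt;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;Input&gt;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;Adapter type="<SPAN style="FONT-WEIGHT: bold">File</SPAN>"&gt;/var/opendnssec/unsigned/example.com&lt;/Adapter&gt;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;/Input&gt;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;Output&gt;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;Adapter type="<SPAN style="FONT-WEIGHT: bold">DNS</SPAN>"&gt;/etc/opendnssec/addns.xml&lt;/Adapter&gt;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;/Output&gt;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&lt;/Adapters&gt;</DIV>
<DIV>&nbsp;&nbsp;&lt;/Zone&gt;</DIV></DIV>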
<DIV style="TEXT-INDENT: 2em">....</DIV>
<DIV style="TEXT-INDENT: 2em"> </DIV>
<DIV style="TEXT-INDENT: 2em">conf.xml</DIV>
<DIV style="TEXT-INDENT: 2em">....</DIV>
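<DIV style="TEXT-INDENT: 2em">
<DIV>&nbsp;&nbsp;&lt;Signer&gt;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&lt;WorkingDirectory&gt;/var/opendnssec/tmp&lt;/WorkingDirectory&gt;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&lt;WorkerThreads&gt;4&lt;/WorkerThreads&gt;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&lt;SignerThreads&gt;4&lt;/SignerThreads&gt;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&lt;Listener&gt;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;Interface&gt;&lt;Port&gt;53&lt;/Port&gt;&lt;/Interface&gt;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&lt;/Listener&gt;</DIV>
<DIV>&nbsp;&nbsp;&lt;/Signer&gt;</DIV></DIV>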
<DIV style="TEXT-INDENT: 2em">....</DIV>
<DIV style="TEXT-INDENT: 2em">In the syslog, I find</DIV>
<DIV
style="TEXT-INDENT: 2em">" ods-signerd: [engine] no dnshandler/listener configured, but zones are configured with dns adapters: notify and zone transfer requests will not work properly
" </DIV>
<DIV
style="TEXT-INDENT: 2em">" ods-signerd: [tools] unable to read zone example.com: adapter failed (General error)
" </DIV>
<DIV style="TEXT-INDENT: 2em"> </DIV>
<DIV style="TEXT-INDENT: 2em">Is there something wrong in the configuration
files? Can anybody help me to implement the AXFR from OpenDNSSEC to BIND? Thanks
a lot!</DIV>
<DIV style="TEXT-INDENT: 2em"> </DIV>
<DIV style="TEXT-INDENT: 2em">P.S.</DIV>
<DIV style="TEXT-INDENT: 2em">I found that there are no elements such as
&lt;ZoneFetchFile&gt; in &lt;Common&gt; and &lt;NotifyListen&gt; in conf.xml;
maybe new documentation should be released :).</DIV>
<DIV style="TEXT-INDENT: 2em"> </DIV>
<DIV> </DIV>
<HR style="WIDTH: 210px; HEIGHT: 1px" align=left color=#b5c4df SIZE=1>
<DIV><SPAN>刘硕</SPAN></DIV></BODY></HTML>