[Opendnssec-develop] [OpenDNSSEC] #184: Zone fetcher should have back off and retry behaviour
OpenDNSSEC
owner-dnssec-trac at kirei.se
Fri Sep 10 12:44:53 UTC 2010
#184: Zone fetcher should have back off and retry behaviour
-------------------+--------------------------------------------------------
Reporter: roland | Owner: matthijs
Type: defect | Status: new
Priority: major | Component: Signer
Version: 1.1.1 | Keywords: Zone fetcher AXFR failure
-------------------+--------------------------------------------------------
This ticket is linked to ticket #183

We have noticed that AXFRs sometimes fail half-way through. The fix in
ticket #183 ensures that this is now failsafe, i.e. that this doesn't
result in a half zone getting signed and served out.

The problem of the failed AXFRs remains, however. This problem is
intermittent and somewhat hard to predict when it occurs (although it
occurs often enough to be reproducible, just not under exact
circumstances). In my opinion, the zone fetcher should be able to handle
failed AXFRs and should back off and retry later. Because it doesn't do
this currently, it will only respond to the next NOTIFY which may again
result in a failed AXFR. So I would strongly advocate including a back off
and retry mechanism in the zone fetcher (or in the equivalent module that
is going to serve this function in 1.2).

Apart from that, the current zone fetcher also doesn't support refresh (it
doesn't request an AXFR if the SOA refresh of the zone expires). This is
probably also a good idea.
--
Ticket URL: <http://trac.opendnssec.org/ticket/184>
OpenDNSSEC <http://www.opendnssec.org/>
OpenDNSSEC