[Opendnssec-develop] [OpenDNSSEC] #184: Zone fetcher should have back off and retry behaviour

OpenDNSSEC owner-dnssec-trac at kirei.se
Fri Sep 10 12:44:53 UTC 2010

#184: Zone fetcher should have back off and retry behaviour
Reporter:  roland  |       Owner:  matthijs                 
    Type:  defect  |      Status:  new                      
Priority:  major   |   Component:  Signer                   
 Version:  1.1.1   |    Keywords:  Zone fetcher AXFR failure
 This ticket is linked to ticket #183

 We have noticed that AXFRs sometimes fail half-way through. The fix in
 ticket #183 ensures that this is now failsafe, i.e. that this doesn't
 result in a half zone getting signed and served out.

 The problem of the failed AXFRs remains, however. This problem is
 intermittent and somewhat hard to predict when it occurs (although it
 occurs often enough to be reproducible, just not under exact
 circumstances). In my opinion, the zone fetcher should be able to handle
 failed AXFRs and should back off and retry later. Because it doesn't do
 this currently, it will only respond to the next NOTIFY which may again
 result in a failed AXFR. So I would strongly advocate including a back off
 and retry mechanism in the zone fetcher (or in the equivalent module that
 is going to serve this function in 1.2).

 Apart from that, the current zone fetcher also doesn't support refresh (it
 doesn't request an AXFR if the SOA refresh of the zone expires). This is
 probably also a good idea.

Ticket URL: <http://trac.opendnssec.org/ticket/184>
OpenDNSSEC <http://www.opendnssec.org/>

More information about the Opendnssec-develop mailing list