[Opendnssec-develop] Re: [OpenDNSSEC] #184: Zone fetcher should have back off and retry behaviour
OpenDNSSEC
owner-dnssec-trac at kirei.se
Thu Sep 22 08:48:15 UTC 2011
#184: Zone fetcher should have back off and retry behaviour
--------------------------------------+-------------------------------------
Reporter: roland | Owner: matthijs
Type: defect | Status: new
Priority: major | Component: Signer
Version: 1.1.1 | Resolution:
Keywords: Zone fetcher AXFR failure |
--------------------------------------+-------------------------------------
Comment (by jerry):
Hi Roland,
Is this still relevant to version 1.3?
Regards,
Jerry
Replying to [ticket:184 roland]:
> This ticket is linked to ticket #183
>
> We have noticed that AXFRs sometimes fail half-way through. The fix in
ticket #183 ensures that this is now failsafe, i.e. that this doesn't
result in a half zone getting signed and served out.
>
> The problem of the failed AXFRs remains, however. This problem is
intermittent and somewhat hard to predict when it occurs (although it
occurs often enough to be reproducible, just not under exact
circumstances). In my opinion, the zone fetcher should be able to handle
failed AXFRs and should back off and retry later. Because it doesn't do
this currently, it will only respond to the next NOTIFY which may again
result in a failed AXFR. So I would strongly advocate including a back off
and retry mechanism in the zone fetcher (or in the equivalent module that
is going to serve this function in 1.2).
>
> Apart from that, the current zone fetcher also doesn't support refresh
(it doesn't request an AXFR if the SOA refresh of the zone expires). This
is probably also a good idea.
--
Ticket URL: <http://trac.opendnssec.org/ticket/184#comment:1>
OpenDNSSEC <http://www.opendnssec.org/>
OpenDNSSEC
More information about the Opendnssec-develop
mailing list