[Opendnssec-develop] Re: [OpenDNSSEC] #184: Zone fetcher should have back off and retry behaviour

OpenDNSSEC owner-dnssec-trac at kirei.se
Thu Sep 22 08:48:15 UTC 2011

#184: Zone fetcher should have back off and retry behaviour
Reporter:  roland                     |        Owner:  matthijs
    Type:  defect                     |       Status:  new     
Priority:  major                      |    Component:  Signer  
 Version:  1.1.1                      |   Resolution:          
Keywords:  Zone fetcher AXFR failure  |  

Comment (by jerry):

 Hi Roland,

 Is this still relevant to version 1.3?


 Replying to [ticket:184 roland]:
 > This ticket is linked to ticket #183
 > We have noticed that AXFRs sometimes fail half-way through. The fix in
 > ticket #183 ensures that this is now failsafe, i.e. that this doesn't
 > result in a half zone getting signed and served out.
 > The problem of the failed AXFRs remains, however. This problem is
 > intermittent and somewhat hard to predict when it occurs (although it
 > occurs often enough to be reproducible, just not under exact
 > circumstances). In my opinion, the zone fetcher should be able to handle
 > failed AXFRs and should back off and retry later. Because it doesn't do
 > this currently, it will only respond to the next NOTIFY which may again
 > result in a failed AXFR. So I would strongly advocate including a back off
 > and retry mechanism in the zone fetcher (or in the equivalent module that
 > is going to serve this function in 1.2).
 > Apart from that, the current zone fetcher also doesn't support refresh
 > (it doesn't request an AXFR if the SOA refresh of the zone expires). This
 > is probably also a good idea.

Ticket URL: <http://trac.opendnssec.org/ticket/184#comment:1>
OpenDNSSEC <http://www.opendnssec.org/>
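
The back-off, retry and refresh behaviour requested in the ticket above, sketched as an added example (not part of the original message and not OpenDNSSEC code). All names are hypothetical, and the policy is an assumption: start from the SOA retry value, double it per consecutive failed AXFR, and cap it at the SOA refresh value.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names; a sketch, not OpenDNSSEC's zone fetcher. */
struct soa_timers { uint32_t refresh, retry; };  /* seconds, from the zone's SOA */
enum fetch_event { EV_NOTIFY, EV_AXFR_OK, EV_AXFR_FAILED };
/* failures: consecutive failed AXFRs; next_attempt: absolute time of next AXFR */
struct fetch_state { unsigned failures; uint64_t next_attempt; };

/* Delay after the n-th consecutive failure: retry * 2^(n-1), capped at refresh. */
static uint32_t backoff_delay(const struct soa_timers *soa, unsigned failures)
{
    uint64_t base = soa->retry ? soa->retry : 1;       /* never retry in a tight loop */
    uint64_t cap = soa->refresh > base ? soa->refresh : base;
    unsigned shift = failures ? failures - 1 : 0;
    uint64_t delay = base << (shift > 31 ? 31 : shift); /* bounded, fits in 64 bits */
    return (uint32_t)(delay > cap ? cap : delay);
}

/* Update the state for an event seen at time `now`; returns the time of the
 * next AXFR attempt, so a failure no longer waits for the next NOTIFY. */
uint64_t fetch_schedule(struct fetch_state *st, const struct soa_timers *soa,
                        enum fetch_event ev, uint64_t now)
{
    switch (ev) {
    case EV_NOTIFY:        /* master announced a change: transfer now */
        st->next_attempt = now;
        break;
    case EV_AXFR_OK:       /* complete transfer: reset, then wait for SOA refresh */
        st->failures = 0;
        st->next_attempt = now + soa->refresh;
        break;
    case EV_AXFR_FAILED:   /* transfer broke off: retry on our own timer */
        st->failures++;
        st->next_attempt = now + backoff_delay(soa, st->failures);
        break;
    }
    return st->next_attempt;
}

int main(void)
{
    struct soa_timers soa = { 3600, 300 };  /* constructed sample values */
    struct fetch_state st = { 0, 0 };
    uint64_t now = 1000;
    for (int i = 0; i < 6; i++) {           /* six failed transfers in a row */
        now = fetch_schedule(&st, &soa, EV_AXFR_FAILED, now);
        printf("failure %u: next AXFR at t=%llu\n", st.failures, (unsigned long long)now);
    }
    return 0;
}
```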