[Opendnssec-user] zonefetcher issues

B C brettlists at gmail.com
Fri Nov 6 12:38:28 UTC 2009


Today is the first day that I've tried to use zonefetcher so it could be
something I am doing wrong :)

I have this in my config:

<?xml version="1.0" encoding="UTF-8"?>

<!-- $Id: zonefetch.xml.in 1920 2009-09-30 07:49:39Z matthijs $ -->

<ZoneFetch>
        <!-- where to listen for notifies -->
        <!-- DEFAULT: do not listen to notify on specific address -->
        <NotifyListen><Port>53</Port></NotifyListen>

        <!-- default inbound AXFR settings
             (per zone setting not yet implemented) -->
        <Default>
                <!-- TSIG secret for inbound AXFR -->
                <!-- DEFAULT: don't use TSIG -->
                <TSIG>
                        <Name>secret.example.com.</Name>

                        <!-- http://www.iana.org/assignments/tsig-algorithm-names -->
                        <Algorithm>hmac-sha256</Algorithm>

                        <!-- base64 encoded secret -->
                        <Secret>sw0nMPCswVbes1tmQTm1pcMmpNRK+oGMYN+qKNR/BwQ=</Secret>
                </TSIG>

                <!-- address of host to request AXFR from -->
                <!-- incoming NOTIFY has to match this address as well -->
                <!-- DEFAULT: none -->
                <RequestTransfer>
                        <IPv4>213.248.208.91</IPv4><Port>53</Port>
                </RequestTransfer>
        </Default>
</ZoneFetch>


There is nothing using port 53 on this box, but when I run ods-start I see the
following in the error log:

Nov  6 12:34:30 test-signer1 ods-signerd: Run command: '/usr/libexec/opendnssec/zone_fetcher -c /etc/opendnssec/zonefetch.xml -z /etc/opendnssec/zonelist.xml -d -f local0'
Nov  6 12:34:30 OpenDNSSEC signer engine: zone fetcher started
Nov  6 12:34:30 OpenDNSSEC signer engine: zone fetcher AXFR for uk failed
Nov  6 12:34:30 OpenDNSSEC signer engine: zone fetcher can't bind UDP socket: Address already in use
Nov  6 12:34:30 OpenDNSSEC signer engine: zone fetcher failed to initialize sockets
Nov  6 12:34:30 OpenDNSSEC signer engine: zone fetcher exiting...

After this I do see:

-rw-r--r-- 1 root root 0 Nov  6 12:34 uk.axfr.29621

in

/var/opendnssec/unsigned/


If I do a dig @213.248.208.91 uk axfr all is fine


Did I miss something or is there a bug here?


Brett