[Opendnssec-user] zonefetcher issues

Antti Ristimäki aristima at csc.fi
Fri Nov 6 12:46:08 UTC 2009


Hi,

I also previously had some problems with the zone fetcher. Now I have
explicitly configured the interface on which the zone fetcher should
listen for notify messages. This can be done by adding the <IPv4>
statement between the <NotifyListen> statements. For example:

<NotifyListen><IPv4>a.b.c.d</IPv4><Port>53</Port></NotifyListen>

Could it be possible that you have a name server instance running on
port 53? That might be the reason why the zone fetcher fails to bind to
the interface.

Regards,
Antti

On Fri, 2009-11-06 at 14:38 +0200, B C wrote:
> Today is the first day that I've tried to use zonefetcher so it could be something I am doing wrong :)
> 
> I have this in my config:
> 
> <?xml version="1.0" encoding="UTF-8"?>
> 
> <!-- $Id: zonefetch.xml.in 1920 2009-09-30 07:49:39Z matthijs $ -->
> 
> <ZoneFetch>
>         <!-- where to listen for notifies -->
>         <!-- DEFAULT: do not listen to notify on specific address -->
>         <NotifyListen><Port>53</Port></NotifyListen>
> 
>         <!-- default inbound AXFR settings
>              (per zone setting not yet implemented) -->
>         <Default>
>                 <!-- TSIG secret for inbound AXFR -->
>                 <!-- DEFAULT: don't use TSIG -->
>                 <TSIG>
>                         <Name>secret.example.com.</Name>
> 
>                         <!-- http://www.iana.org/assignments/tsig-algorithm-names -->
>                         <Algorithm>hmac-sha256</Algorithm>
> 
>                         <!-- base64 encoded secret -->
>                         <Secret>sw0nMPCswVbes1tmQTm1pcMmpNRK+oGMYN+qKNR/BwQ=</Secret>
>                 </TSIG>
> 
>                 <!-- address of host to request AXFR from -->
>                 <!-- incoming NOTIFY has to match this address as well -->
>                 <!-- DEFAULT: none -->
>                 <RequestTransfer>
>                         <IPv4>213.248.208.91</IPv4><Port>53</Port>
>                 </RequestTransfer>
>         </Default>
> </ZoneFetch>
> 
> 
> There is nothing using port 53 on this box, but when I run ods-start I see the following in the error log:
> 
> Nov  6 12:34:30 test-signer1 ods-signerd: Run command: '/usr/libexec/opendnssec/zone_fetcher -c /etc/opendnssec/zonefetch.xml -z /etc/opendnssec/zonelist.xml -d -f local0'
> Nov  6 12:34:30 OpenDNSSEC signer engine: zone fetcher started
> Nov  6 12:34:30 OpenDNSSEC signer engine: zone fetcher AXFR for uk failed
> Nov  6 12:34:30 OpenDNSSEC signer engine: zone fetcher can't bind UDP socket: Address already in use
> Nov  6 12:34:30 OpenDNSSEC signer engine: zone fetcher failed to initialize sockets
> Nov  6 12:34:30 OpenDNSSEC signer engine: zone fetcher exiting...
> 
> After this I do see:
> 
> -rw-r--r-- 1 root root 0 Nov  6 12:34 uk.axfr.29621
> 
> in
> 
> /var/opendnssec/unsigned/
> 
> 
> If I do a dig @213.248.208.91 uk axfr all is fine
> 
> 
> Did I miss something or is there a bug here?
> 
> 
> Brett
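
An added example, not part of the original thread and not OpenDNSSEC code: a Python check of the bind behaviour discussed above. It reads <NotifyListen> from constructed config fragments and attempts a plain UDP bind (no SO_REUSEADDR, which is an assumption about how the zone fetcher opens its socket; treating a missing <IPv4> as the wildcard address is also an assumption), using an ephemeral port and loopback addresses so it runs without root on Linux.

```python
import errno
import socket
import xml.etree.ElementTree as ET

# Constructed config fragments: the form from the question (port only)
# and the form suggested in the reply (explicit IPv4 address).
PORT_ONLY = "<ZoneFetch><NotifyListen><Port>{p}</Port></NotifyListen></ZoneFetch>"
WITH_ADDR = ("<ZoneFetch><NotifyListen><IPv4>{a}</IPv4><Port>{p}</Port>"
             "</NotifyListen></ZoneFetch>")


def notify_listen(xml_text):
    """Return (address, port) from <NotifyListen>."""
    node = ET.fromstring(xml_text).find("NotifyListen")
    if node is None:
        raise ValueError("no <NotifyListen> element")
    # Assumption: no <IPv4> element means "listen on the wildcard address".
    addr = node.findtext("IPv4", default="0.0.0.0").strip()
    port = int(node.findtext("Port"))  # <Port> is present in both forms
    return addr, port


def try_bind_udp(addr, port):
    """Try a plain UDP bind; return None on success or the errno name."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        try:
            s.bind((addr, port))
        except OSError as e:
            return errno.errorcode.get(e.errno, str(e.errno))
    return None


def occupy_loopback():
    """Stand-in for a local name server: hold a UDP port on 127.0.0.1 only."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind(("127.0.0.1", 0))  # ephemeral port, so no root is needed
    return s, s.getsockname()[1]


if __name__ == "__main__":
    holder, port = occupy_loopback()
    for cfg in (PORT_ONLY.format(p=port),
                WITH_ADDR.format(a="127.0.0.1", p=port),
                WITH_ADDR.format(a="127.0.0.2", p=port)):
        addr, p = notify_listen(cfg)
        print(f"{addr}:{p} ->", try_bind_udp(addr, p) or "bind ok")
    holder.close()
```

The wildcard bind reports EADDRINUSE even though the port is held on only one local address, while a bind to a different specific address can still succeed.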




