[Opendnssec-user] Running signer with zone fetcher

Matthijs Mekking matthijs at NLnetLabs.nl
Thu Oct 8 12:16:06 UTC 2009

Hash: SHA1

Hi Antti,

About the <Port>, that is right. The problem with that is that the ldns
resolver only allows to configure one remote port. It would be best to
make that nameserver dependent.

However, for now I made a fix that it will fetch the first configured
<Port> and use that instead of the default 53 port.

I also provided a fix for listening to notifies on one or more specific
interfaces. However, I don't see the same behavior as you do. It works
for me:

# netstat -anp | grep 5678

tcp 0 0 213.154.224.??:5678* LISTEN     14268/zone_fetcher
udp 0 0 213.154.224.??:5678*            14268/zone_fetcher

And if I try to configure not-owned ip addresses, it will fail as expected.

Can you provide me more details about the zonefetch.xml and your system
if the problem persists?

Best regards,


Antti Ristimäki wrote:
> Hi Matthijs and others,
> One more thing about zone fetcher. It doesn't seem to understand the
> <Port> statement in the zonefetch.xml file. At least in our test bed it
> is always sending the AXFR request to the standard server port 53
> instead of the port given in zonefetch.xml.
> In addition, how can one make the zone fetcher listen to NOTIFY messages
> on a specific address? At least the <IPv4> statement inside the
> <NotifyListen> statement doesn't seem to do the trick. The <Port>
> statement works for the listener, but it binds on all possible addresses.
> Regards,
> Antti
> On Wed, 7 Oct 2009, Matthijs Mekking wrote:
>> Doh,
>> it should have been config, not zone_config. Fixed in trunk.
>> Matthijs
>> Antti Ristimäki wrote:
>>> Hello,
>>> I have a problem when running the signer with the zone fetcher. In the
>>> conf.xml, I have the statement
>>> <ZoneFetchFile>/etc/opendnssec/zonefetch.xml</ZoneFetchFile>.
>>> When trying to run the signer, it logs the following error message:
>>> Error: Engine instance has no attribute 'zone_config'
>>> If I comment out the statement <ZoneFetchFile> from the conf.xml, the
>>> signer starts normally.
>>> Any ideas about the reason?
>>> Cheers,
>>> Antti

Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


More information about the Opendnssec-user mailing list