[Opendnssec-user] Running signer with zone fetcher
matthijs at NLnetLabs.nl
Thu Oct 8 12:16:06 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
About the <Port>, that is right. The problem with that is that the ldns
resolver only allows to configure one remote port. It would be best to
make that nameserver dependent.
However, for now I made a fix that it will fetch the first configured
<Port> and use that instead of the default 53 port.
I also provided a fix for listening to notifies on one or more specific
interfaces. However, I don't see the same behavior as you do. It works
# netstat -anp | grep 5678
tcp 0 0 213.154.224.??:5678 0.0.0.0:* LISTEN 14268/zone_fetcher
udp 0 0 213.154.224.??:5678 0.0.0.0:* 14268/zone_fetcher
And if I try to configure not-owned ip addresses, it will fail as expected.
Can you provide me more details about the zonefetch.xml and your system
if the problem persists?
Antti Ristimäki wrote:
> Hi Matthijs and others,
> One more thing about zone fetcher. It doesn't seem to understand the
> <Port> statement in the zonefetch.xml file. At least in our test bed it
> is always sending the AXFR request to the standard server port 53
> instead of the port given in zonefetch.xml.
> In addition, how can one make the zone fetcher listen to NOTIFY messages
> on a specific address? At least the <IPv4> statement inside the
> <NotifyListen> statement doesn't seem to do the trick. The <Port>
> statement works for the listener, but it binds on all possible addresses.
> On Wed, 7 Oct 2009, Matthijs Mekking wrote:
>> it should have been config, not zone_config. Fixed in trunk.
>> Antti Ristimäki wrote:
>>> I have a problem when running the signer with the zone fetcher. In the
>>> conf.xml, I have the statement
>>> When trying to run the signer, it logs the following error message:
>>> Error: Engine instance has no attribute 'zone_config'
>>> If I comment out the statement <ZoneFetchFile> from the conf.xml, the
>>> signer starts normally.
>>> Any ideas about the reason?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the Opendnssec-user