[Opendnssec-user] Running signer with zone fetcher
Matthijs Mekking
matthijs at NLnetLabs.nl
Wed Oct 14 06:13:36 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Another mystery solved!:)
Thanks for the notification.
Matthijs
Antti Ristimäki wrote:
> On Mon, 12 Oct 2009, Matthijs Mekking wrote:
> Hi Matthijs,
>
> Just for your information, I now managed to make the zone fetcher work.
> The reason was that a local firewall filter blocked the UDP response
> packets coming from the hidden master. That's why the zone fetcher
> failed to query for the SOA serial.
>
> Sorry for unnecessary harm and thanks for your help!
>
> Best regards,
> Antti
>
>> Antti Ristimäki wrote:
>>> Hi Matthijs,
>>>
>>> Yes, the server is reachable on port 8054 and AXFR query with dig, for
>>> example, works. The zone fetcher will obviously use the <NotifyListen>
>>> address as a source address when querying for AXFR?
>>
>> No. The NotifyListen is only for listening to NOTIFY messages. When
>> quering for AXFR, a new socket will be created that can have a different
>> address structure. I think you request a feature to set the outgoing
>> interface for AXFR?
>>
>> Best regards,
>>
>> Matthijs
>>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQEcBAEBAgAGBQJK1WwOAAoJEA8yVCPsQCW5BtYH/2L+nqSo2E6BXnXtgMqfkNWt
6CiswmKiBAQUtEqfU92EFZHVDjeNXAWUg/3W9WB6yWxVD2FSYvTEjh67PbCynZj/
ctf36ABOoh2nC+hYx4R09WdH9iGhWGcg89nISp0MVDesD6yRXMZVJ+GvoZ8DIBKx
hz1fVkYbt8aiE4F4X0lxdMkFg0805qcu53fH6MnuMJW0iQJjd1Fco/DValSztAL1
UkI++CfaXEeSfLDUugiXQEfHXn0H9qiHxcBrPY2OeVJVHGvXmVy4vAxL6GeQJVEv
Oi6/3CpNocp/umPhudKJr7DmCCUhcEL8VivnV7S0WyxOeXTq2zJCxE4kQp8UAcA=
=DFOY
-----END PGP SIGNATURE-----
More information about the Opendnssec-user
mailing list