[Opendnssec-user] Notification from PowerDNS

Markus Lauer mlauer at key-systems.net
Thu Dec 9 09:54:22 CET 2010


Hi List!


Notifies from PowerDNS Master (when explicit queued by pdns_control notify-
host) lead to a "zone fetcher drop bad notify" error.




    if (ldns_pkt_get_opcode(query_pkt) != LDNS_PACKET_NOTIFY ||
        ldns_pkt_get_rcode(query_pkt)  != LDNS_RCODE_NOERROR ||
        ldns_pkt_qr(query_pkt) ||
/*        !ldns_pkt_aa(query_pkt) ||  */
        ldns_pkt_tc(query_pkt) ||
        ldns_pkt_rd(query_pkt) ||
        ldns_pkt_ra(query_pkt) ||
        ldns_pkt_cd(query_pkt) ||
        ldns_pkt_ad(query_pkt) ||
        ldns_pkt_qdcount(query_pkt) != 1 ||
        ldns_pkt_nscount(query_pkt) != 0 ||
        ldns_pkt_arcount(query_pkt) != 0 ||
        ldns_rr_get_type(query_rr) != LDNS_RR_TYPE_SOA ||
        ldns_rr_get_class(query_rr) != LDNS_RR_CLASS_IN)
    {
        se_log_info("zone fetcher drop bad notify");
        return;
    }


When I comment out the AA-flag check I works like a charm.

Is PowerDNS just missing this flag or is OpenDNSSEC to strict?


Any hint in the right direction would be appreciated.


Regards,

Markus

PS: Please see also blog entry from Jan-Piet Mens: 
http://blog.fupps.com/2010/09/15/hints-on-getting-powerdns-to-use-opendnssec-
for-signing-zones





More information about the Opendnssec-user mailing list