[Opendnssec-user] Notification from PowerDNS
Markus Lauer
mlauer at key-systems.net
Thu Dec 9 08:54:22 UTC 2010
Hi List!
Notifies from a PowerDNS master (when explicitly queued by pdns_control notify-host)
lead to a "zone fetcher drop bad notify" error.
    if (ldns_pkt_get_opcode(query_pkt) != LDNS_PACKET_NOTIFY ||
        ldns_pkt_get_rcode(query_pkt) != LDNS_RCODE_NOERROR ||
        ldns_pkt_qr(query_pkt) ||
        /* !ldns_pkt_aa(query_pkt) || */
        ldns_pkt_tc(query_pkt) ||
        ldns_pkt_rd(query_pkt) ||
        ldns_pkt_ra(query_pkt) ||
        ldns_pkt_cd(query_pkt) ||
        ldns_pkt_ad(query_pkt) ||
        ldns_pkt_qdcount(query_pkt) != 1 ||
        ldns_pkt_nscount(query_pkt) != 0 ||
        ldns_pkt_arcount(query_pkt) != 0 ||
        ldns_rr_get_type(query_rr) != LDNS_RR_TYPE_SOA ||
        ldns_rr_get_class(query_rr) != LDNS_RR_CLASS_IN)
    {
        se_log_info("zone fetcher drop bad notify");
        return;
    }
When I comment out the AA-flag check it works like a charm.
Is PowerDNS just missing this flag or is OpenDNSSEC too strict?
Any hint in the right direction would be appreciated.
Regards,
Markus
PS: Please see also blog entry from Jan-Piet Mens:
http://blog.fupps.com/2010/09/15/hints-on-getting-powerdns-to-use-opendnssec-for-signing-zones
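
Added example (not part of the original post, and not OpenDNSSEC's own code): the same header checks applied to raw wire bytes without ldns, returning the name of the first check that fails so a dropped NOTIFY can be logged with its reason instead of a generic "bad notify". The function name, the `require_aa` switch and both sample packets are constructed for illustration; the second packet assumes a NOTIFY sent without the AA bit, as the post's observation implies.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Returns NULL if the packet passes, else the name of the first failed check. */
const char *notify_reject_reason(const uint8_t *p, size_t len, int require_aa)
{
    if (len < 12) return "short header";
    uint8_t f1 = p[2], f2 = p[3];            /* the two DNS header flag bytes */
    if (((f1 >> 3) & 0x0f) != 4)     return "opcode != NOTIFY";
    if ((f2 & 0x0f) != 0)            return "rcode != NOERROR";
    if (f1 & 0x80)                   return "QR set";
    if (require_aa && !(f1 & 0x04))  return "AA not set";
    if (f1 & 0x02)                   return "TC set";
    if (f1 & 0x01)                   return "RD set";
    if (f2 & 0x80)                   return "RA set";
    if (f2 & 0x10)                   return "CD set";
    if (f2 & 0x20)                   return "AD set";
    if (((p[4] << 8) | p[5]) != 1)   return "qdcount != 1";
    if (((p[8] << 8) | p[9]) != 0)   return "nscount != 0";
    if (((p[10] << 8) | p[11]) != 0) return "arcount != 0";
    size_t i = 12;                           /* walk the uncompressed question name */
    while (i < len && p[i] != 0) {
        if (p[i] & 0xc0) return "unsupported label in qname";
        i += (size_t)p[i] + 1;
    }
    if (i + 5 > len) return "truncated question";
    i++;                                     /* skip the root label */
    if (((p[i] << 8) | p[i + 1]) != 6)     return "qtype != SOA";
    if (((p[i + 2] << 8) | p[i + 3]) != 1) return "qclass != IN";
    return NULL;
}

/* Constructed sample packets: NOTIFY for example.com SOA IN, with and without AA. */
#define QUESTION 7,'e','x','a','m','p','l','e',3,'c','o','m',0, 0,6, 0,1
static const uint8_t notify_with_aa[] = {0x12,0x34, 0x24,0x00, 0,1, 0,0, 0,0, 0,0, QUESTION};
static const uint8_t notify_no_aa[]   = {0x12,0x34, 0x20,0x00, 0,1, 0,0, 0,0, 0,0, QUESTION};

int main(void)
{
    const char *r = notify_reject_reason(notify_no_aa, sizeof notify_no_aa, 1);
    printf("strict:  %s\n", r ? r : "accepted");
    r = notify_reject_reason(notify_no_aa, sizeof notify_no_aa, 0);
    printf("relaxed: %s\n", r ? r : "accepted");
    return 0;
}
```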