[Opendnssec-user] Notifying slaves

Scott Armitage S.P.Armitage at lboro.ac.uk
Fri Jun 11 10:23:09 UTC 2010


I'm new to OpenDNSSEC and, despite reading through the documentation, I am a little unclear as to the working of OpenDNSSEC. From presentations I have been to, I imagined that it worked like this:

* OpenDNSSEC listens for NOTIFY messages from a Master DNS Server
* OpenDNSSEC AXFR zone transfers from Master (on NOTIFY)
* OpenDNSSEC signs, then audits zones
* OpenDNSSEC NOTIFYs slaves
* Slave DNS Servers AXFR from OpenDNSSEC

---------------                 --------------                 -------------
| Master DNS  | === NOTIFY ===> | OpenDNSSEC | === NOTIFY ===> | Slave DNS |
---------------                 --------------                 -------------
                                |            |
                                | --> SIGN --|

However, from reading the documentation it seems like OpenDNSSEC doesn't do the final 2 steps: send NOTIFY messages, and AXFR to requesting slaves. It seems like you need to run a DNS server on the same box as OpenDNSSEC; ODS then triggers the rebuilding of the DNS once it has signed the zone:



		<!-- the <NotifyCommand> will expand the following variables:

		     %zone      the name of the zone that was signed
		     %zonefile  the filename of the signed zone
		-->
		<NotifyCommand>/usr/sbin/rndc reload %zone</NotifyCommand>

Can anyone help me out?


