[Opendnssec-user] OpenDNSSEC AXFR question

Volker Janzen voja at voja.de
Thu Jun 24 12:38:04 UTC 2010


Hi,

I'm currently trying to get a setup working, where OpenDNSSEC has to use
AXFR to fetch the unsigned zone from a hidden master DNS server and should
later serve these signed zones to the authorative DNS servers.

OpenDNSSEC should AXFR from a Bind server. When Bind loads the new zone,
it sends the AXFR to OpenDNSSEC (bind is configured with also-notify
ip/port of OpenDNSSEC). What I get in the logfile is the following
(<domainame> is the correct name of the zone):

Jun 24 12:40:02 h1773255 ods-signerd: Received command: 'sign <domainame>'
Jun 24 12:40:02 h1773255 ods-signerd: Scheduling task to sign <domainame>
at 1277375590.64 with resign time 7200
Jun 24 12:40:02 h1773255 ods-signerd: acquire cond
Jun 24 12:40:02 h1773255 ods-signerd: notify
Jun 24 12:40:02 h1773255 ods-signerd: release cond
Jun 24 12:40:02 h1773255 ods-signerd: Releasing lock on engine
Jun 24 12:40:02 h1773255 ods-signerd: Sending response: Zone scheduled for
immediate resign
Jun 24 12:40:02 h1773255 ods-signerd: Done handling command
Jun 24 12:40:02 h1773255 ods-signerd: Client socket shut down
Jun 24 12:40:02 h1773255 ods-signerd: worker 1 acquiring lock
Jun 24 12:40:02 h1773255 ods-signerd: worker 1 acquired lock
Jun 24 12:40:02 h1773255 ods-signerd: worker 1 released lock
Jun 24 12:40:02 h1773255 ods-signerd: Got task for worker 1
Jun 24 12:40:02 h1773255 ods-signerd: Worker 1 run task
Jun 24 12:40:02 h1773255 ods-signerd: Zone action to perform: 4
Jun 24 12:40:02 h1773255 ods-signerd: Fetch zone:
/var/lib/opendnssec/unsigned/<domainame>.axfr
Jun 24 12:40:02 h1773255 ods-signerd: Fetch zone:
/var/lib/opendnssec/unsigned/<domainame>.axfr
Jun 24 12:40:02 h1773255 ods-signerd: Input file missing:
/var/lib/opendnssec/unsigned/<domainame>

I read in the docs that zonefetch stores the AXFR result as the input file
adapter plus an additional ".axfr" extension. It appears that signerd
cannot find the AXFRed file.

So my question is: how can I fix this?

I'm using OpenDNSSEC 1.1.0.dfsg-1 on a Debian lenny (with backports).


Best regards,
   Volker Janzen





More information about the Opendnssec-user mailing list