[Opendnssec-user] OpenDNSSEC AXFR question

Matthijs Mekking matthijs at NLnetLabs.nl
Fri Jun 25 08:28:01 UTC 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Volker,

If there is no .axfr file, it cannot be moved to be the designated
unsigned input file. Was the transfer successful? Did you get a
<domainname>.axfr file in the unsigned directory? Does the zone_fetcher
log useful information?

Best regards,

Matthijs

On 06/24/2010 02:38 PM, Volker Janzen wrote:
> Hi,
> 
> I'm currently trying to get a setup working, where OpenDNSSEC has to use
> AXFR to fetch the unsigned zone from a hidden master DNS server and should
> later serve these signed zones to the authorative DNS servers.
> 
> OpenDNSSEC should AXFR from a Bind server. When Bind loads the new zone,
> it sends the AXFR to OpenDNSSEC (bind is configured with also-notify
> ip/port of OpenDNSSEC). What I get in the logfile is the following
> (<domainame> is the correct name of the zone):
> 
> Jun 24 12:40:02 h1773255 ods-signerd: Received command: 'sign <domainame>'
> Jun 24 12:40:02 h1773255 ods-signerd: Scheduling task to sign <domainame>
> at 1277375590.64 with resign time 7200
> Jun 24 12:40:02 h1773255 ods-signerd: acquire cond
> Jun 24 12:40:02 h1773255 ods-signerd: notify
> Jun 24 12:40:02 h1773255 ods-signerd: release cond
> Jun 24 12:40:02 h1773255 ods-signerd: Releasing lock on engine
> Jun 24 12:40:02 h1773255 ods-signerd: Sending response: Zone scheduled for
> immediate resign
> Jun 24 12:40:02 h1773255 ods-signerd: Done handling command
> Jun 24 12:40:02 h1773255 ods-signerd: Client socket shut down
> Jun 24 12:40:02 h1773255 ods-signerd: worker 1 acquiring lock
> Jun 24 12:40:02 h1773255 ods-signerd: worker 1 acquired lock
> Jun 24 12:40:02 h1773255 ods-signerd: worker 1 released lock
> Jun 24 12:40:02 h1773255 ods-signerd: Got task for worker 1
> Jun 24 12:40:02 h1773255 ods-signerd: Worker 1 run task
> Jun 24 12:40:02 h1773255 ods-signerd: Zone action to perform: 4
> Jun 24 12:40:02 h1773255 ods-signerd: Fetch zone:
> /var/lib/opendnssec/unsigned/<domainame>.axfr
> Jun 24 12:40:02 h1773255 ods-signerd: Fetch zone:
> /var/lib/opendnssec/unsigned/<domainame>.axfr
> Jun 24 12:40:02 h1773255 ods-signerd: Input file missing:
> /var/lib/opendnssec/unsigned/<domainame>
> 
> I read in the docs that zonefetch stores the AXFR result as the input file
> adapter plus an additional ".axfr" extension. It appears that signerd
> cannot find the AXFRed file.
> 
> So my question is: how can I fix this?
> 
> I'm using OpenDNSSEC 1.1.0.dfsg-1 on a Debian lenny (with backports).
> 
> 
> Best regards,
>    Volker Janzen
> 
> 
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJMJGiQAAoJEA8yVCPsQCW5tgoH/A71OgeODWoOkpZOn2OQSjw1
VRZa5dMCCE6tW/D1Mz6LXuAjxp0Q22cmgM/1SX/Ie0erSM0sltJbqsa38irFdlhx
aedCSUdPuHph2cymShRR44yRyjhOsL9wxAd+jUxuEztRR0hvmk4WI77zUDeVxiLr
2vQeS9dueiiBfYxGpykRdCBk8PaNs646tnGhixs/b1hzSZXn+IZGUJxykbuleWc9
uBHGj8pRUCD4MiNQCUMyzz+aB1KYPlE0QoC2zkS1TJ72GqEsBRavH+UG1Zqcvgjg
uVfHxud1eNYfPUd3uR4ks4UMHCWugR5g7y63vqPXkOilRTBqjcCZogzVJZlwC94=
=Vsii
-----END PGP SIGNATURE-----



More information about the Opendnssec-user mailing list