[Opendnssec-user] OpenDNSSEC AXFR question

Volker Janzen voja at voja.de
Fri Jun 25 09:11:23 UTC 2010

Hi Matthijs,

thanks for your reply.

> If there is no .axfr file, it cannot be moved to be the designated
> unsigned input file. Was the transfer successful?

This was the correct question. bind was sending notifies, but no sign of a
client trying to AXFR. I did not notice that before because I was trying
to force signing via command line too.

Investigating with netstat I found out that my NotifyListen directives in
zonefetch.xml do not result in someone listening on the IP/port

I'm using these zonefetch.xml settings:

<!-- where to listen for notifies -->
<!-- DEFAULT: do not listen to notify on specific address -->

(Just the first NotifyListen does not make a difference)

Changing the port to a higher number (I let OpenDNSSEC drop root
priviledges) does not have an effect either.

zonefetch.xml is also activated in conf.xml by


Do you have any ideas what I need to check to find out what's wrong?

Best regards,
   Volker Janzen

More information about the Opendnssec-user mailing list