[Opendnssec-user] OpenDNSSEC AXFR question
Volker Janzen
voja at voja.de
Fri Jun 25 09:11:23 UTC 2010
Hi Matthijs,
thanks for your reply.
> If there is no .axfr file, it cannot be moved to be the designated
> unsigned input file. Was the transfer successful?
This was the correct question. bind was sending notifies, but no sign of a
client trying to AXFR. I did not notice that before because I was trying
to force signing via command line too.
Investigating with netstat I found out that my NotifyListen directives in
zonefetch.xml do not result in someone listening on the IP/port
combination.
I'm using these zonefetch.xml settings:
<!-- where to listen for notifies -->
<!-- DEFAULT: do not listen to notify on specific address -->
<NotifyListen>
    <IPv4>myFirstIP</IPv4>
    <Port>1234</Port>
</NotifyListen>
<NotifyListen>
    <IPv4>mySecondIP</IPv4>
    <Port>53</Port>
</NotifyListen>
(Just the first NotifyListen does not make a difference)
Changing the port to a higher number (I let OpenDNSSEC drop root
privileges) does not have an effect either.
zonefetch.xml is also activated in conf.xml by
<ZoneFetchFile>/etc/opendnssec/zonefetch.xml</ZoneFetchFile>
Do you have any ideas what I need to check to find out what's wrong?
Best regards,
Volker Janzen