[Opendnssec-user] OpenDNSSEC AXFR question
matthijs at NLnetLabs.nl
Fri Jun 25 11:31:51 CEST 2010
-----BEGIN PGP SIGNED MESSAGE-----
Some more things you can try out:
- - Is the zone fetcher actually running? (you can check with ps). If not,
it might be that it could not open the socket for listening (perhaps due
to privileges). The syslog should tell you why it failed.
- - Does the NotifyListen match the notify configuration settings from bind?
On 06/25/2010 11:11 AM, Volker Janzen wrote:
> Hi Matthijs,
> thanks for your reply.
>> If there is no .axfr file, it cannot be moved to be the designated
>> unsigned input file. Was the transfer successful?
> This was the correct question. bind was sending notifies, but no sign of a
> client trying to AXFR. I did not notice that before because I was trying
> to force signing via command line too.
> Investigating with netstat I found out that my NotifyListen directives in
> zonefetch.xml do not result in someone listening on the IP/port
> I'm using these zonefetch.xml settings:
> <!-- where to listen for notifies -->
> <!-- DEFAULT: do not listen to notify on specific address -->
> (Just the first NotifyListen does not make a difference)
> Changing the port to a higher number (I let OpenDNSSEC drop root
> priviledges) does not have an effect either.
> zonefetch.xml is also activated in conf.xml by
> Do you have any ideas what I need to check to find out what's wrong?
> Best regards,
> Volker Janzen
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
More information about the Opendnssec-user