[Opendnssec-user] NotifyCommand not executed

Sebastian Castro sebastian at nzrs.net.nz
Tue Nov 30 20:11:39 UTC 2010


Simon Mittelberger wrote:
> Hello,

Hi Simon,

> 
> on the enforcers first run the NotifyCommand is not executed.
> 
> I was able to reproduce the following on versions: OpenDNSSEC 1.2.0 rc2
> and trunk:
> 
> * the package is started with ods-control start
> * a zone gets added: ods-control ksm zone add -z $domain -p $policy -i
> $unsigned_zonefile -o $signed_zonefile -s $signconf_file
> * kick the enforcer: ods-control enforcer notify
> * the zone is signed and output correctly
> * after signing the zone, when the method tools_write_output(zone_type*
> zone) is called, the part of the code, where the notify command for the
> nameserver should be executed is not processed, because zone->notify_ns
> is NULL.
> 
> If the signer is restarted it works:
> 
> - ods-signer stop
> - ods-signer start
> - ods-signer sign domain.tld
> 
> It seems like the NotifyCommand is only set for zones when the signer
> engine is recovered from backup. On freshly added zones it is not set.
> 

I've tested adding fresh zones to a running OpenDNSSEC and it works
properly. Perhaps the problem was with the sequence you followed, adding
the zone first and then activating the enforcer.

I've seen a situation where the zone->notify_ns is cleared out and the
NotifyCommand is not run, but I wasn't able to reproduce it. May be
there is a race-conditiong somewhere?


cheers,

> 
> All the best,
> Simon
> 
> 
> 
> 
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user


-- 
Sebastian Castro
DNS Specialist
.nz Registry Services (New Zealand Domain Name Registry Limited)
desk: +64 4 495 2337
mobile: +64 21 400535



More information about the Opendnssec-user mailing list