[Opendnssec-user] OpenDNSSEC in ISP environment (lots of small zones)?
matthijs at NLnetLabs.nl
Mon Jan 31 13:10:14 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
On 01/31/2011 02:04 PM, Jan-Piet Mens wrote:
>> It does not look a permission problem to me: the log message appears
>> because ldns_axfr_next() could not get a RR from the AXFR.
>> The most obvious reasons for this failure are
>> - - the wire could not be converted to the ldns packet structure (for
>> example, a RR could not be parsed)
>> - - the RCODE does not equal NOERROR
> I consider that a bit doubtful: the zone is served by BIND 9.7.2-P3 and
> contains nothing terribly exciting in the way of RR. Furthermore Unbound
> can query any record in those zones.
There are other reasons why that function can fail. Anyway, if
ldns_axfr_next() would return a RR, the log message:
Jan 28 16:10:00 sign1 ods-signerd: AXFR for new zone c1006.aa failed
would not appear. So, I am pretty certain that ldns_axfr_next() failed.
The question now is why?
Also, I don't think the verbosity has anything to do with it.
> Additionally, as shown in a message a few minutes ago, increasing the
> verbosity of the signer triggers a successful AXFR ...
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
More information about the Opendnssec-user