[Opendnssec-user] OpenDNSSEC in ISP environment (lots of small zones)?

[Matthijs Mekking]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Jan-Piet,

On 01/31/2011 02:04 PM, Jan-Piet Mens wrote:
> Matthijs,
> 
>> It does not look a permission problem to me: the log message appears
>> because ldns_axfr_next() could not get a RR from the AXFR.
>>
>> The most obvious reasons for this failure are
>> - - the wire could not be converted to the ldns packet structure (for
>> example, a RR could not be parsed)
>> - - the RCODE does not equal NOERROR
> 
> I consider that a bit doubtful: the zone is served by BIND 9.7.2-P3 and
> contains nothing terribly exciting in the way of RR. Furthermore Unbound
> can query any record in those zones.

There are other reasons why that function can fail. Anyway, if
ldns_axfr_next() would return a RR, the log message:

Jan 28 16:10:00 sign1 ods-signerd: AXFR for new zone c1006.aa failed

would not appear. So, I am pretty certain that ldns_axfr_next() failed.
The question now is why?

Also, I don't think the verbosity has anything to do with it.

Best regards,

Matthijs




> 
> Additionally, as shown in a message a few minutes ago, increasing the
> verbosity of the signer triggers a successful AXFR ...
> 
>     -JP
> 
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJNRrS1AAoJEA8yVCPsQCW5xg8H/0nS/xzox79bp4jbmoasGlgq
yqNQk/9xbOpPsJozIEkjE4hqHmbf+7TSXA+iwDdmYzPWFBmb39vf3Qx7IYmNuxE2
GvP0KgJUI9t4cj7MSRfE8bEhYWkhPybYhDIeGlgD6arkvDn+5MHdKfmABFtt9sIf
d3wv22FJDWRJ8askXG4jtiYouMC+zwZF6CC4msBt7r74H7uhKrjBQTgQJ1gxh/J2
uSuengwEQWlBJojb9KkaYlValAYQsk0FQnNOl5zQsOqwXCUfFrivOdJr0FnPV4XW
mtO+2pLSDEcsWrG9ModEKJ6xG96CfbSBUtqAj99byzqOb1Xg+dGuYWz4jLdh5TE=
=jQub
-----END PGP SIGNATURE-----