[Opendnssec-user] AXFR's Between OpenDNSSEC + PowerDNS
Craig Whitmore
lennon at orcon.net.nz
Sun Jun 19 23:50:56 UTC 2011
Hi there.
I am trying to use PowerDNS -> OpenDNSSEC (signing) -> PowerDNS (slaves) as
PowerDNS at the moment is not (IMHO) not good enough yet to do the
signing/roll overs etc at the moment.
Reading: http://comments.gmane.org/gmane.network.dns.opendnssec.user/631
On the slave if I do a pdns_control retrieve <domain> it sends a notify
without the AA bit set
So opendnssec errors on it.
This is set as they read RFC 1996 BUT RFC 5936 says for an AXFR Query 2.1.1
The AA bit "n/a" -- The value in this field has no meaning in the context of
AXFR query messages. For the client, it is RECOMMENDED that the
value be zero. The server MUST ignore this value.
So.. RFC 1996 is old and RFC 5936 is right so commenting out the check for
the AA for a slave retrieving the zone on opendnssec should be done?
Comments or Am I reading this completely wrong?
Thanks
Craig
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20110620/3f11301b/attachment.htm>
More information about the Opendnssec-user
mailing list