[Opendnssec-user] AXFR's Between OpenDNSSEC + PowerDNS

Craig Whitmore lennon at orcon.net.nz
Sun Jun 19 23:50:56 UTC 2011

Hi there.

I am trying to use  PowerDNS -> OpenDNSSEC (signing) -> PowerDNS (slaves) as
PowerDNS at the moment is not (IMHO) not good enough yet to do the
signing/roll overs etc  at the moment.

Reading: http://comments.gmane.org/gmane.network.dns.opendnssec.user/631

On the slave if I do a pdns_control retrieve <domain> it sends a notify
without the AA bit set

So opendnssec errors on it.

This is set as they read RFC 1996 BUT RFC 5936 says for an AXFR Query 2.1.1

The AA bit "n/a" -- The value in this field has no meaning in the context of
      AXFR query messages.  For the client, it is RECOMMENDED that the
      value be zero.  The server MUST ignore this value.

So.. RFC 1996 is old and RFC 5936 is right so commenting out the check for
the AA for a slave retrieving the zone on opendnssec should be done?

Comments or Am I reading this completely wrong?


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20110620/3f11301b/attachment.htm>

More information about the Opendnssec-user mailing list