[Opendnssec-user] AXFR's Between OpenDNSSEC + PowerDNS
Sebastian Castro
sebastian at nzrs.net.nz
Sun Jun 19 23:59:45 UTC 2011
On 06/20/2011 11:50 AM, Craig Whitmore wrote:
> Hi there.
>
Hi Craig,
> I am trying to use PowerDNS -> OpenDNSSEC (signing) -> PowerDNS
> (slaves) as PowerDNS at the moment is not (IMHO) not good enough yet to
> do the signing/roll overs etc at the moment.
>
> Reading: http://comments.gmane.org/gmane.network.dns.opendnssec.user/631
>
> On the slave if I do a pdns_control retrieve <domain> it sends a notify
> without the AA bit set
>
Just to clarifiy, Usually a master will send a notify, not the slave. Do
you mean an AXFR?
> So opendnssec errors on it.
Could you post the error you got?
>
> This is set as they read RFC 1996 BUT RFC 5936 says for an AXFR Query 2.1.1
>
> The AA bit "n/a" -- The value in this field has no meaning in the context of
>
> AXFR query messages. For the client, it is RECOMMENDED that the
> value be zero. The server MUST ignore this value.
>
>
> So.. RFC 1996 is old and RFC 5936 is right so commenting out the check
> for the AA for a slave retrieving the zone on opendnssec should be done?
>
> Comments or Am I reading this completely wrong?
>
> Thanks
> Craig
>
Cheers,
>
>
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
--
Sebastian Castro
DNS Specialist
.nz Registry Services (New Zealand Domain Name Registry Limited)
desk: +64 4 495 2337
mobile: +64 21 400535
More information about the Opendnssec-user
mailing list