[Opendnssec-user] AXFR's Between OpenDNSSEC + PowerDNS
lennon at orcon.net.nz
Mon Jun 20 00:08:31 UTC 2011
On 20/06/11 11:59 AM, "Sebastian Castro" <sebastian at nzrs.net.nz> wrote:
>On 06/20/2011 11:50 AM, Craig Whitmore wrote:
>> Hi there.
>> I am trying to use PowerDNS -> OpenDNSSEC (signing) -> PowerDNS
>> (slaves) as PowerDNS at the moment is not (IMHO) not good enough yet to
>> do the signing/roll overs etc at the moment.
>> Reading: http://comments.gmane.org/gmane.network.dns.opendnssec.user/631
>> On the slave if I do a pdns_control retrieve <domain> it sends a notify
>> without the AA bit set
>Just to clarifiy, Usually a master will send a notify, not the slave. Do
>you mean an AXFR?
Yes an AXFR.. The slave requesting the ZONE.
Ie from powerdns slave
pdns_control retrieve spam.co.nz ( I want the slave to do an AXFR from
openDNSsec to get a copy of the zone)
Jun 19 22:20:25 database1 pdns: Initiating transfer of 'spam.co.nz'
from remote '22.214.171.124'
Jun 19 22:20:25 database1 pdns: gmysql Connection successful
Jun 19 22:20:25 database1 pdns: last message repeated 2 times
Jun 19 22:20:25 database1 pdns: Unable to AXFR zone
'videobears.co.nz' from remote '126.96.36.199' (resolver): Remote
nameserver closed TCP connection
ods-signerd: zone fetcher drop bad notify
>Domain Name System (query)
> Length: 28
> Transaction ID: 0x8fd2
> Flags: 0x0000 (Standard query)
> 0... .... .... .... = Response: Message is a query
> .000 0... .... .... = Opcode: Standard query (0)
> .... ..0. .... .... = Truncated: Message is not truncated
> .... ...0 .... .... = Recursion desired: Don't do query
> .... .... .0.. .... = Z: reserved (0)
> .... .... ...0 .... = Non-authenticated data OK:
>Non-authenticated data is unacceptable
> Questions: 1
> Answer RRs: 0
> Authority RRs: 0
> Additional RRs: 0
> spam.co.nz: type AXFR, class IN
> Name: spam.co.nz
> Type: AXFR (Request for full zone transfer)
> Class: IN (0x0001)
More information about the Opendnssec-user