[Opendnssec-user] AXFR's Between OpenDNSSEC + PowerDNS

Craig Whitmore lennon at orcon.net.nz
Mon Jun 20 02:08:31 CEST 2011



On 20/06/11 11:59 AM, "Sebastian Castro" <sebastian at nzrs.net.nz> wrote:

>On 06/20/2011 11:50 AM, Craig Whitmore wrote:
>> Hi there.
>> 
>
>Hi Craig,
>
>> I am trying to use PowerDNS -> OpenDNSSEC (signing) -> PowerDNS
>> (slaves), as PowerDNS at the moment is (IMHO) not good enough yet to
>> do the signing/rollovers etc.
>> 
>> Reading: http://comments.gmane.org/gmane.network.dns.opendnssec.user/631
>> 
>> On the slave if I do a pdns_control retrieve <domain> it sends a notify
>> without the AA bit set
>> 
>
>Just to clarify: usually a master will send a notify, not the slave. Do
>you mean an AXFR?

Yes, an AXFR: the slave requesting the zone.

I.e. from the PowerDNS slave:

pdns_control retrieve spam.co.nz (I want the slave to do an AXFR from
OpenDNSSEC to get a copy of the zone)

I get

Jun 19 22:20:25 database1 pdns[12413]: Initiating transfer of 'spam.co.nz' from remote '114.23.33.130'
Jun 19 22:20:25 database1 pdns[12413]: gmysql Connection successful
Jun 19 22:20:25 database1 pdns[12413]: last message repeated 2 times
Jun 19 22:20:25 database1 pdns[12413]: Unable to AXFR zone 'videobears.co.nz' from remote '114.23.33.130' (resolver): Remote nameserver closed TCP connection


From OpenDNSSEC:

ods-signerd: zone fetcher drop bad notify




>Domain Name System (query)
>    Length: 28
>    Transaction ID: 0x8fd2
>    Flags: 0x0000 (Standard query)
>        0... .... .... .... = Response: Message is a query
>        .000 0... .... .... = Opcode: Standard query (0)
>        .... ..0. .... .... = Truncated: Message is not truncated
>        .... ...0 .... .... = Recursion desired: Don't do query recursively
>        .... .... .0.. .... = Z: reserved (0)
>        .... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
>    Questions: 1
>    Answer RRs: 0
>    Authority RRs: 0
>    Additional RRs: 0
>    Queries
>        spam.co.nz: type AXFR, class IN
>            Name: spam.co.nz
>            Type: AXFR (Request for full zone transfer)
>            Class: IN (0x0001)
>
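
Added example (not part of the original message, and not OpenDNSSEC or PowerDNS code): the Python below rebuilds the 28-byte query from the fields in the dissection above and decodes its header bits, next to a constructed NOTIFY (opcode 4, AA set) for comparison. The function names, the NOTIFY transaction ID and the classification labels are assumptions made for illustration.

```python
import struct

OPCODES = {0: "QUERY", 4: "NOTIFY"}  # NOTIFY is opcode 4 (RFC 1996)
QTYPES = {6: "SOA", 251: "IXFR", 252: "AXFR"}

def build_message(txid, flags, qname, qtype, qclass=1):
    """Encode a DNS message holding only a header and one question."""
    header = struct.pack("!6H", txid, flags, 1, 0, 0, 0)
    name = b"".join(bytes([len(p)]) + p.encode("ascii") for p in qname.split("."))
    return header + name + b"\x00" + struct.pack("!2H", qtype, qclass)

def parse_message(wire):
    """Decode the header flag bits and the first question of a DNS message."""
    if len(wire) < 12:
        raise ValueError("shorter than a DNS header")
    txid, flags, qdcount = struct.unpack("!3H", wire[:6])
    if qdcount < 1:
        raise ValueError("no question section")
    labels, pos = [], 12
    while pos < len(wire) and wire[pos] != 0:
        n = wire[pos]
        if n & 0xC0:
            raise ValueError("unexpected compression pointer in question")
        labels.append(wire[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    pos += 1  # step over the root label
    if len(wire) < pos + 4:
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!2H", wire[pos:pos + 4])
    opcode = (flags >> 11) & 0xF
    return {"id": txid, "response": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "opcode": OPCODES.get(opcode, str(opcode)),
            "qname": ".".join(labels), "qtype": QTYPES.get(qtype, str(qtype))}

def classify(msg):
    """Label a parsed message as a NOTIFY, a zone-transfer request, or other."""
    if msg["opcode"] == "NOTIFY":
        return "notify"
    if msg["opcode"] == "QUERY" and not msg["response"] and msg["qtype"] in ("AXFR", "IXFR"):
        return "transfer-request"
    return "other"

# Rebuilt from the quoted dissection: ID 0x8fd2, flags 0x0000, spam.co.nz AXFR IN.
AXFR_QUERY = build_message(0x8FD2, 0x0000, "spam.co.nz", 252)
# Constructed for comparison: opcode 4 (NOTIFY) with AA set, question type SOA.
NOTIFY_MSG = build_message(0x1234, 0x2400, "spam.co.nz", 6)
```

Going by the listed fields, the captured packet decodes as an opcode 0 AXFR request with AA clear, not as an opcode 4 NOTIFY.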




