[Opendnssec-user] Re: Bind AXFR problem
Daniel Salzman
daniel.salzman at nic.cz
Thu May 17 15:03:43 UTC 2012
It seems that Bind doesn't send AXFR at first but sends standard query
SOA with TSIG. OpenDNSSEC responses without TSIG on standard query...
Dan
On 05/16/2012 05:06 PM, Daniel Salzman wrote:
> Hi,
>
> I'm not sure where the problem is, but Bind (9.7.3, 9.8.1-P1) rarely
> downloads zone from OpenDNSSEC (1.4.0-trunk r6339). Dig utility or
> KnotDNS downloads zone each time.
>
> Logs for unsuccessful case:
>
> == 172.20.20.215 ==
> May 16 16:56:11 nic ods-signerd: [socket] incoming udp message
> May 16 16:56:11 nic ods-signerd: [query] tsig ok
> May 16 16:56:11 nic ods-signerd: [query] incoming query qtype=SOA for
> zone ccc.cz
> May 16 16:56:11 nic ods-signerd: [acl] match 172.20.20.201
> May 16 16:56:11 nic ods-signerd: [socket] query processed qstate=0
> May 16 16:56:11 nic ods-signerd: [socket] sending 594 bytes over udp
> May 16 16:56:11 nic ods-signerd: [dnshandler] netio dispatch
>
> == 172.20.20.201 ==
> May 16 16:55:41 dan named[26167]: zone ccc.cz/IN: refresh: failure
> trying master 172.20.20.215#1053 (source 0.0.0.0#0): expected a TSIG or
> SIG(0)
>
>
> (sorry for spamming)
> Dan
More information about the Opendnssec-user
mailing list