[Opendnssec-user] Re: Bind AXFR problem
Matthijs Mekking
matthijs at nlnetlabs.nl
Mon May 21 13:27:47 UTC 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Daniel,
Again thanks for this report. It seems that the SOA query includes an
OPT RR, which is not expected by OpenDNSSEC. The trunk now includes
EDNS support, so that such OPT RRs does not confuse the signer engine
and it continues the search for the TSIG RR. Tested it with BIND 9.6
as a slave.
Best regards,
Matthijs
On 05/17/2012 05:03 PM, Daniel Salzman wrote:
> It seems that Bind doesn't send AXFR at first but sends standard
> query SOA with TSIG. OpenDNSSEC responses without TSIG on standard
> query...
>
> Dan
>
>
> On 05/16/2012 05:06 PM, Daniel Salzman wrote:
>> Hi,
>>
>> I'm not sure where the problem is, but Bind (9.7.3, 9.8.1-P1)
>> rarely downloads zone from OpenDNSSEC (1.4.0-trunk r6339). Dig
>> utility or KnotDNS downloads zone each time.
>>
>> Logs for unsuccessful case:
>>
>> == 172.20.20.215 == May 16 16:56:11 nic ods-signerd: [socket]
>> incoming udp message May 16 16:56:11 nic ods-signerd: [query]
>> tsig ok May 16 16:56:11 nic ods-signerd: [query] incoming query
>> qtype=SOA for zone ccc.cz May 16 16:56:11 nic ods-signerd: [acl]
>> match 172.20.20.201 May 16 16:56:11 nic ods-signerd: [socket]
>> query processed qstate=0 May 16 16:56:11 nic ods-signerd:
>> [socket] sending 594 bytes over udp May 16 16:56:11 nic
>> ods-signerd: [dnshandler] netio dispatch
>>
>> == 172.20.20.201 == May 16 16:55:41 dan named[26167]: zone
>> ccc.cz/IN: refresh: failure trying master 172.20.20.215#1053
>> (source 0.0.0.0#0): expected a TSIG or SIG(0)
>>
>>
>> (sorry for spamming) Dan
> _______________________________________________ Opendnssec-user
> mailing list Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJPukLTAAoJEA8yVCPsQCW5ejUIALGUzyOaGW3y4Ynmg/JbJz2O
HEU1UKtR7WenHzm6lIxSiKpKPvtSceKa3G3pmEcrvSkkBQCSxEHK0wWggyZy/1DW
o8Zb97ZyYftcqe7uZckor1G69Vj7KTWGldH3XbhySImrfYgzaojOOuei9CM4frkB
Qha4iVkuErEOWbKEbTy5RfC0mmyandmGW+xBhZRx1+dTtOzrmBvF9Z718/AtyYUg
WIFwovWxPZzxYqCyV7g6LU7yblWr3OaR3VzUIX5t+e2nHupQtWEb3qz/TKUFBH2l
5+YHRS06y4mUOMKzQDS9EOrhtt1rfAldYfbvkTqAnNgp1m0CJadwumIW8xFcPVg=
=Hq76
-----END PGP SIGNATURE-----
More information about the Opendnssec-user
mailing list