[opendnssec-user]Does 1.4 support IXFR now?

Matthijs Mekking matthijs at nlnetlabs.nl
Tue Oct 30 10:02:11 UTC 2012


Hi,

1.4 supports IXFR. Can you look on the queries that go in and out? Does
BIND ask for AXFR?

If there is more than one update of the zone in OpenDNSSEC, the tmp
directory should hould a <zone>.ixfr file.

You can also test IXFR responses by sending zone transfer requests with
dig/drill to OpenDNSSEC, although both tools are quite buggy when it
comes to IXFR/TCP.

Best regards,
  Matthijs

On 10/30/2012 09:54 AM, 刘硕 wrote:
> Hi everyone,
>  
> I'm using 1.4.0b1 for test, I use Adapter DNS and with OpenDNSSEC as an
> inbound to a BIND server,
> that means I do not use the Inbound in addns.xml.
> I have noticed in BIND's log that BIND always received the same size of
> data if there was no change to
> the unsigned zone file, but I think it should receive only the updated
> RRs like SOA and its signature,
> right?I tried to add some new RRs to the unsigned zone and signed, but
> in the xfer_in log of
> BIND still got all the messages, doest that mean that only AXFR are
> supported?Or should I use a BIND
> as OpenDNSSEC's inbound,and OpenDNSSEC will receive newly updated RRs?
> What should I do if I wanna use IXFR because the zone file is really big
> here,and I have to sign the
> whole zone file though most of the signatures are reused,I only wanna
> bother ods-signerd with the newly
> added or changed RRs which should be received via IXFR I think.
>  
>  
> Regards,
> Stuart 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 551 bytes
Desc: OpenPGP digital signature
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20121030/a5ba0a18/attachment.bin>


More information about the Opendnssec-user mailing list