[Opendnssec-user] Must have DNS notify?
klaus.mailinglists at pernau.at
Fri Aug 9 08:22:04 UTC 2013
On 08.08.2013 14:46, Havard Eidnes wrote:
> It seems to me that when you configure OpenDNSSEC to use DNS to
> fetch an unsigned zone and provide a signed zone, it behaves
> differently from a proper DNS server in one important aspect, namely
> that it does not appear to do periodic SOA queries towards the
> provider of the unsigned zone, and it does not appear to answer SOA
> queries itself, but rather appears to depend singularly on notify
> messages to trigger zone transfers and re-signing operations.
AFAIK this is also with ODS 1.3 which supports incoming AXFR only. As
workaround we have a cron job with "rndc notify ..." on the Bind server
to send NOTIFYs every 5 minutes to ODS.
More information about the Opendnssec-user