[Opendnssec-user] Must have DNS notify?

Sara Dickinson sara at sinodun.com
Fri Aug 9 09:03:36 UTC 2013

On 9 Aug 2013, at 09:22, Klaus Darilion wrote:

> On 08.08.2013 14:46, Havard Eidnes wrote:
>> It seems to me that when you configure OpenDNSSEC to use DNS to
>> fetch an unsigned zone and provide a signed zone, it behaves
>> differently from a proper DNS server in one important aspect, namely
>> that it does not appear to do periodic SOA queries towards the
>> provider of the unsigned zone, and it does not appear to answer SOA
>> queries itself, but rather appears to depend singularly on notify
>> messages to trigger zone transfers and re-signing operations.
> AFAIK this is also with ODS 1.3 which supports incoming AXFR only. As workaround we have a cron job with "rndc notify ..." on the Bind server to send NOTIFYs every 5 minutes to ODS.


Matthijs (our DNS adaptor expert) is away this week and next and he can confirm when he returns....

But I do know that on the output side the DNS adaptor in OpenDNSSEC 1.4 certainly responds to SOA queries as we have just fixed a bug related to this in the upcoming 1.4.2 release:


My understanding is that the input side DNS adaptor uses the refresh field on the SOA to determine when to request further zone transfers. 


> regards
> Klaus
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user

More information about the Opendnssec-user mailing list