[Opendnssec-user] Must have DNS notify?
Sara Dickinson
sara at sinodun.com
Fri Aug 9 09:03:36 UTC 2013
On 9 Aug 2013, at 09:22, Klaus Darilion wrote:
>
>
> On 08.08.2013 14:46, Havard Eidnes wrote:
>> It seems to me that when you configure OpenDNSSEC to use DNS to
>> fetch an unsigned zone and provide a signed zone, it behaves
>> differently from a proper DNS server in one important aspect, namely
>> that it does not appear to do periodic SOA queries towards the
>> provider of the unsigned zone, and it does not appear to answer SOA
>> queries itself, but rather appears to depend singularly on notify
>> messages to trigger zone transfers and re-signing operations.
>
> AFAIK this is also with ODS 1.3 which supports incoming AXFR only. As a workaround we have a cron job with "rndc notify ..." on the Bind server to send NOTIFYs every 5 minutes to ODS.

Hi,

Matthijs (our DNS adaptor expert) is away this week and next and he can confirm when he returns...

But I do know that on the output side the DNS adaptor in OpenDNSSEC 1.4 certainly responds to SOA queries as we have just fixed a bug related to this in the upcoming 1.4.2 release:

https://issues.opendnssec.org/browse/OPENDNSSEC-424

My understanding is that the input side DNS adaptor uses the refresh field on the SOA to determine when to request further zone transfers.

Sara.

>
> regards
> Klaus