[Opendnssec-user] Migrating zones from file to axfr adapter?

Havard Eidnes he at uninett.no
Wed Jul 17 21:29:39 UTC 2013


Hi,

I'm a newbie trying to find my way around OpenDNSSEC.  I started
with 1.3.13, and after a few failed starts and some helpful hints
from the people responding to bug reports, I managed to coerce
OpenDNSSEC to produce a signed zone file, using the zonefetch
method, and my /var/opendnssec tree now contains the following
files:

./signconf/156.193.in-addr.arpa.xml
./signconf/156.193.in-addr.arpa.xml.OLD
./signed/156.193.in-addr.arpa
./unsigned/156.193.in-addr.arpa
./unsigned/156.193.in-addr.arpa.axfr

Now, I've installed OpenDNSSEC version 1.4.1, and did the
conversion of the Sqlite3 database, and want to start using the
"axfr in" and "axfr out" adapters for this zone instead of the
old signer interface which did "file in", "file out".  By the
looks of it, I need to modify the zonelist.xml file, and replace
the <Input><File> sections with <Input><Adapter type="DNS"> etc.,
and "ods-ksmutil update all" now accepts that config as valid.

However, trying to do a zone transfer from the configured
consumer fails, and in the log I get

Jul 17 22:02:06 xxxxx ods-signerd: [axfr] unable to open axfr file 156.193.in-addr.arpa.axfr for zone 156.193.in-addr.arpa

I'm thinking: Well, if the configured method needs a file with a
particular name in a particular directory, it's OpenDNSSEC's job
to ensure that file gets created, not mine!

What am I missing?

Do I need to delete and re-add the zone?  Won't that recycle the
KSK key? Not that I've copied the DS, but ... Among other
things, I wanted to see whether the required conversions were
sufficiently documented...

(The zone file has most probably not been fetched using the input
adapter, so what's in /var/opendnssec is what ODS 1.3.13 left
there, since the zone file has not been updated on the master
server.)

Regards,

- Håvard


