[Opendnssec-user] OpenDNSSEC in a hidden master setup

Roman Serbski mefystofel at gmail.com
Tue Aug 26 12:27:46 UTC 2014


On Tue, Aug 26, 2014 at 12:19 PM, Klaus Darilion
<klaus.mailinglists at pernau.at> wrote:
>
> At first I would start tcpdump on the ODS server and watch if there are
> incoming NOTIFYs if you increase the serial and reload the master. Then
> watch out if ODS makes a zone transfer (AXFR or IXFR). Further, the
> incoming handler of ODS will write the received zone to disk somewhere.
> Check if you have a new file with increased serial. Then the signer
> should be notified (I think via some unix socket) about the signing
> process (I once had file permission problems on this socket).

Thank you very much Klaus.

Stupid me -- incoming 53/udp was blocked on the hidden master.

Everything works like a charm now!

Regards,
Roman



More information about the Opendnssec-user mailing list