[Opendnssec-user] Notify debugging

[Fred.Zwarts]

Hi Rein,

I fixed the problem by stopping ods (both enforcer and signer), then I 
deleted /var/opendnssec/tmp/rug.nl.xfrd-state, then I started ods again. 
After that the zone was properly received and processed. (I tried this, 
because of what I read in another thread earlier this month.)
So, unfortunately, it makes no sense anymore to follow your suggestion. 
Sorry, I was a bit in a hurry. I hope such a zone transfer problem will not 
happen again, but if it happens, I will have a look there.
Still I would like to have some better logging of notify messages and zone 
transfer, or is it available at higher verbosity?

Fred.Zwarts.

-----Oorspronkelijk bericht----- 
From: Rick van Rein
Sent: Thursday, May 15, 2014 22:43
To: Fred.Zwarts
Cc: opendnssec-user at lists.opendnssec.org
Subject: Re: [Opendnssec-user] Notify debugging

Hi Fred,

> The /var/opendnssec/tmp/rug.nl-xfrd-state file still shows the old soa 
> serial 2014051506, where the unsigned system is already at 2014051520.
> To me it looks as if opendnssec receives the zone, but does not process 
> it.
> Any other ideas to diagnose this problem?

Can you have a look at /var/opendnssec/unsigned/rug.nl* ?

If the zone changes arrive (I assume the mutliple arrivals are due to zone 
updates, each resulting in a NOTIFY) then you should find it there, probably 
as rug.nl.axfr.

That should help you distinguish if it is a transport problem or a 
signer-trigger problem.

You can manually trigger resigning to see if it is a matter of the new 
arrival not triggering the signer properly, with
ods-signer sign rug.nl

-Rick