[Opendnssec-user] Notify debugging
Fred Zwarts, KVI, Groningen
F.Zwarts at KVI.nl
Fri May 16 19:31:04 UTC 2014
Hi Rick,
Although I found a work-around already, I looked in the
/var/opendnssec/unsigned directory. This directory is completely empty.
Apparently, the received zones are stored somewhere else. In the
/var/opendnssec/tmp directory there are some rug.nl* files (among which a
rug.nl.axfr), but they contain signed zone information. It also contains the
earlier mentioned rug.nl.xfrd-state. I have no idea where the unsigned zone
information is stored.
Fred.Zwarts.
-----Oorspronkelijk bericht-----
From: Rick van Rein
Sent: Thursday, May 15, 2014 10:43 PM
To: Fred.Zwarts
Cc: opendnssec-user at lists.opendnssec.org
Subject: Re: [Opendnssec-user] Notify debugging
Hi Fred,
> The /var/opendnssec/tmp/rug.nl-xfrd-state file still shows the old soa
> serial 2014051506, where the unsigned system is already at 2014051520.
> To me it looks as if opendnssec receives the zone, but does not process
> it.
> Any other ideas to diagnose this problem?
Can you have a look at /var/opendnssec/unsigned/rug.nl* ?
If the zone changes arrive (I assume the mutliple arrivals are due to zone
updates, each resulting in a NOTIFY) then you should find it there, probably
as rug.nl.axfr.
That should help you distinguish if it is a transport problem or a
signer-trigger problem.
You can manually trigger resigning to see if it is a matter of the new
arrival not triggering the signer properly, with
ods-signer sign rug.nl
-Rick
More information about the Opendnssec-user
mailing list