[Opendnssec-user] Notify debugging

Matthijs Mekking matthijs at nlnetlabs.nl
Mon May 19 10:03:25 UTC 2014

On 05/16/2014 09:55 PM, Fred Zwarts, KVI, Groningen wrote:
> Hi,
> In the zonelist.xml I only specify the location of the adapter config
> file, not the location of the unsigned zones.
> (The location for the unsigned zones is specified if no zone transfers
> are used for the input zones.)
> Also, in the adapter config, I do not specify a location of the incoming
> zones.
> In the config.xml a workingdirectory /var/opendnssec/tmp is specified
> for the signer.
> That is all I can find.

If you use the DNS input adapter, indeed the zone will not be stored in
the /unsigned directory, but in the /tmp working directory.

There are some files, for example the zone example.com:


example.com.backup2: contains the full backup of signer configuration,
signed and unsigned zone data.

For DNS Input Adapters:

example.com.xfrd: contains the to be read zone transfers.
example.com.xfrd-state: contains the state of the zone transfer (last
serial, last time transferred, which name server to query next, etc).

For DNS Output Adapters:

example.com.ixfr: contains a zone transfer journal for IXFR queries.
example.com.axfr: contains the full zone transfer for AXFR queries and

Hope this helps.

Best regards,

> Fred.Zwarts.
> -----Oorspronkelijk bericht----- From: Rick van Rein
> Sent: Friday, May 16, 2014 9:36 PM
> To: Fred Zwarts, KVI, Groningen
> Cc: opendnssec-user at lists.opendnssec.org
> Subject: Re: [Opendnssec-user] Notify debugging
> Hi,
>> Although I found a work-around already, I looked in the
>> /var/opendnssec/unsigned directory. This directory is completely
>> empty. Apparently, the received zones are stored somewhere else.
> The actual directory is configured in /etc/opendnssec (usually).
>> In the /var/opendnssec/tmp directory there are some rug.nl* files
>> (among which a rug.nl.axfr), but they contain signed zone information.
> That’s the working location for the signer, indeed.  There’ll be some
> comment-carried settings that it uses to be able to iterate over the
> zone faster than for a full run — it will spread signatures over time to
> release the burden of crypto processing.
>> It also contains the earlier mentioned rug.nl.xfrd-state. I have no
>> idea where the unsigned zone information is stored.
> Look in /etc/opendnssec (or whetever is configured as the directory for
> config files on your system) for the actual location.
> https://wiki.opendnssec.org/display/DOCS/conf.xml#conf.xml-Configuration
> (ZoneListFile)
> https://wiki.opendnssec.org/display/DOCS/zonelist.xml#zonelist.xml-Zones
> (Adapters)
> -Rick
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user

More information about the Opendnssec-user mailing list