[Opendnssec-user] Notify debugging

Matthijs Mekking matthijs at nlnetlabs.nl
Mon May 19 10:03:25 UTC 2014 

On 05/16/2014 09:55 PM, Fred Zwarts, KVI, Groningen wrote:
> Hi,
> 
> In the zonelist.xml I only specify the location of the adapter config
> file, not the location of the unsigned zones.
> (The location for the unsigned zones is specified if no zone transfers
> are used for the input zones.)
> Also, in the adapter config, I do not specify a location of the incoming
> zones.
> In the config.xml a workingdirectory /var/opendnssec/tmp is specified
> for the signer.
> That is all I can find.

If you use the DNS input adapter, indeed the zone will not be stored in
the /unsigned directory, but in the /tmp working directory.

There are some files, for example the zone example.com:

Generic:

example.com.backup2: contains the full backup of signer configuration,
signed and unsigned zone data.

For DNS Input Adapters:

example.com.xfrd: contains the to be read zone transfers.
example.com.xfrd-state: contains the state of the zone transfer (last
serial, last time transferred, which name server to query next, etc).

For DNS Output Adapters:

example.com.ixfr: contains a zone transfer journal for IXFR queries.
example.com.axfr: contains the full zone transfer for AXFR queries and
fallback.

Hope this helps.

Best regards,
  Matthijs


> 
> Fred.Zwarts.
> 
> -----Oorspronkelijk bericht----- From: Rick van Rein
> Sent: Friday, May 16, 2014 9:36 PM
> To: Fred Zwarts, KVI, Groningen
> Cc: opendnssec-user at lists.opendnssec.org
> Subject: Re: [Opendnssec-user] Notify debugging
> 
> Hi,
> 
>> Although I found a work-around already, I looked in the
>> /var/opendnssec/unsigned directory. This directory is completely
>> empty. Apparently, the received zones are stored somewhere else.
> 
> The actual directory is configured in /etc/opendnssec (usually).
> 
>> In the /var/opendnssec/tmp directory there are some rug.nl* files
>> (among which a rug.nl.axfr), but they contain signed zone information.
> 
> That’s the working location for the signer, indeed.  There’ll be some
> comment-carried settings that it uses to be able to iterate over the
> zone faster than for a full run — it will spread signatures over time to
> release the burden of crypto processing.
> 
>> It also contains the earlier mentioned rug.nl.xfrd-state. I have no
>> idea where the unsigned zone information is stored.
> 
> Look in /etc/opendnssec (or whetever is configured as the directory for
> config files on your system) for the actual location.
> 
> https://wiki.opendnssec.org/display/DOCS/conf.xml#conf.xml-Configuration
> (ZoneListFile)
> https://wiki.opendnssec.org/display/DOCS/zonelist.xml#zonelist.xml-Zones
> (Adapters)
> 
> -Rick
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
>

More information about the Opendnssec-user mailing list