[Opendnssec-user] Re: Zone stuck, not updating
Havard Eidnes
he at uninett.no
Mon Nov 3 12:42:18 UTC 2014
> Same issue here. We host ~10 zones in a "hidden master > signer >
> public slave" setup (OpenDNSSEC 1.4.6 using DNS adapters and running
> on FreeBSD 10). The unsigned zone that hasn't been changed for some
> weeks expires, hence outgoing zone transfers are no longer working.
>
> Here is the only relevant entry in the logs of the signer:
>
> Nov 3 10:52:20 ns-signer ods-signerd: [axfr] zone domain1.org expired, not transferring zone
>
> And on the public slave:
>
> [2014-11-03 10:52:55.422] nsd[19847]: error: xfrd: zone domain1.org
> received error code SERV FAIL from 192.168.200.11
>
> Although in my case, I didn't have to clear /var/opendns/tmp/<zone>
> and restart OpenDNSSEC -- increasing the serial and reloading the zone
> on the hidden master usually does the trick for me.
>
> Do you mind sharing the script that you use to compare the serials?
You didn't see my later message in this thread from Friday? This
appears to be due to a bug in OpenDNSSEC; I'm using this patch:
------------------------------
Hm, there's no need for htonl() on values restored from a file.
This causes IXFRs to fail, because the wrong SOA version number
is being stuffed into the IXFR requests(!)
--- signer/src/wire/xfrd.c.orig 2014-07-21 09:30:09.000000000 +0000
+++ signer/src/wire/xfrd.c
@@ -265,12 +265,12 @@ xfrd_recover(xfrd_type* xfrd)
xfrd->timeout.tv_sec = timeout;
xfrd->timeout.tv_nsec = 0;
xfrd->master = NULL; /* acl_find_num(...) */
- xfrd->soa.ttl = htonl(soa_ttl);
- xfrd->soa.serial = htonl(soa_serial);
- xfrd->soa.refresh = htonl(soa_refresh);
- xfrd->soa.retry = htonl(soa_retry);
- xfrd->soa.expire = htonl(soa_expire);
- xfrd->soa.minimum = htonl(soa_minimum);
+ xfrd->soa.ttl = soa_ttl;
+ xfrd->soa.serial = soa_serial;
+ xfrd->soa.refresh = soa_refresh;
+ xfrd->soa.retry = soa_retry;
+ xfrd->soa.expire = soa_expire;
+ xfrd->soa.minimum = soa_minimum;
xfrd->soa.mname[0] = xfrd_recover_dname(xfrd->soa.mname+1,
soa_mname);
xfrd->soa.rname[0] = xfrd_recover_dname(xfrd->soa.rname+1,
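Review bot: The six plain assignments to xfrd->soa.ttl through xfrd->soa.minimum carry no comment on which byte order the xfrd->soa fields are kept in, so the next reader of xfrd_recover() has nothing telling them that a conversion is wrong here. A one-line comment above `xfrd->soa.ttl = soa_ttl;` stating that the soa_* values come back from the file in the representation xfrd->soa expects would help. The routine that writes these values out (not in this hunk) should also be checked to confirm it applies no conversion either, so that save and restore stay symmetric.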
------------------------------
Regards,
- Havard
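
The failure mode named in the patch message above, as an added example that is not code from OpenDNSSEC or from this thread: a serial saved to a file, restored, then encoded for the wire, with and without an extra htonl() on restore. The names soa_state, backup_write, backup_read and serial_seen_by_master, the text backup format, and host byte order for the in-memory field are all assumptions made for the illustration.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the daemon's SOA state. Assumption: the
 * field is kept in host byte order while in memory. */
struct soa_state { uint32_t serial; };

/* Save the serial as a decimal text line (constructed backup format). */
static void backup_write(char *buf, size_t len, const struct soa_state *s)
{
    snprintf(buf, len, "soa_serial %u\n", (unsigned)s->serial);
}

/* Restore it; swap_on_restore = 1 models the pre-patch htonl(). */
static int backup_read(const char *buf, struct soa_state *s, int swap_on_restore)
{
    unsigned v;
    if (sscanf(buf, "soa_serial %u", &v) != 1)
        return -1;
    s->serial = swap_on_restore ? htonl((uint32_t)v) : (uint32_t)v;
    return 0;
}

/* Serial the master decodes after a save, restore and wire encoding. */
uint32_t serial_seen_by_master(uint32_t serial, int swap_on_restore)
{
    struct soa_state saved = { serial }, restored = { 0 };
    char line[64];
    uint8_t wire[4];
    uint32_t net;
    backup_write(line, sizeof line, &saved);
    if (backup_read(line, &restored, swap_on_restore) != 0)
        return 0;
    net = htonl(restored.serial);    /* the one conversion that belongs */
    memcpy(wire, &net, sizeof wire); /* bytes placed in the request */
    memcpy(&net, wire, sizeof net);  /* the master reads them back */
    return ntohl(net);
}

int main(void)
{
    uint32_t serial = 2014110301u;   /* constructed sample serial */
    printf("saved %u, plain restore -> %u, htonl on restore -> %u\n",
           (unsigned)serial, (unsigned)serial_seen_by_master(serial, 0),
           (unsigned)serial_seen_by_master(serial, 1));
    return 0;
}
```

On a big-endian host htonl() is a no-op and both paths agree, so the mismatch only shows on little-endian machines.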