[Opendnssec-user] Re: Zone stuck, not updating

Havard Eidnes he at uninett.no
Mon Nov 3 12:42:18 UTC 2014


> Same issue here.  We host ~10 zones in a "hidden master > signer >
> public slave" setup (OpenDNSSEC 1.4.6 using DNS adapters and running
> on FreeBSD 10).  The unsigned zone that hasn't been changed for some
> weeks expires hence outgoing zone transfers are no longer working.
>
> Here is the only relevant entry in the logs of the signer:
>
> Nov  3 10:52:20 ns-signer ods-signerd: [axfr] zone domain1.org expired, not transferring zone
>
> And on the public slave:
>
> [2014-11-03 10:52:55.422] nsd[19847]: error: xfrd: zone domain1.org
> received error code SERV FAIL from 192.168.200.11
>
> Although in my case, I didn't have to clear /var/opendns/tmp/<zone>
> and restart OpenDNSSEC -- increasing the serial and reloading the zone
> on the hidden master usually does the trick for me.
>
> Do you mind sharing the script that you use to compare the serials?

You didn't see my later message in this thread from friday?  This
appears to be due to a bug in OpenDNSSEC, I'm using this patch:

------------------------------
Hm, there's no need for htonl() on values restored from a file.
This causes IXFRs to fail, because the wrong SOA version number
is being stuffed into the IXFR requests(!)

--- signer/src/wire/xfrd.c.orig	2014-07-21 09:30:09.000000000 +0000
+++ signer/src/wire/xfrd.c
@@ -265,12 +265,12 @@ xfrd_recover(xfrd_type* xfrd)
                 xfrd->timeout.tv_sec = timeout;
                 xfrd->timeout.tv_nsec = 0;
                 xfrd->master = NULL; /* acl_find_num(...) */
-                xfrd->soa.ttl = htonl(soa_ttl);
-                xfrd->soa.serial = htonl(soa_serial);
-                xfrd->soa.refresh = htonl(soa_refresh);
-                xfrd->soa.retry = htonl(soa_retry);
-                xfrd->soa.expire = htonl(soa_expire);
-                xfrd->soa.minimum = htonl(soa_minimum);
+                xfrd->soa.ttl = soa_ttl;
+                xfrd->soa.serial = soa_serial;
+                xfrd->soa.refresh = soa_refresh;
+                xfrd->soa.retry = soa_retry;
+                xfrd->soa.expire = soa_expire;
+                xfrd->soa.minimum = soa_minimum;
                 xfrd->soa.mname[0] = xfrd_recover_dname(xfrd->soa.mname+1,
                     soa_mname);
                 xfrd->soa.rname[0] = xfrd_recover_dname(xfrd->soa.rname+1,
------------------------------

Regards,

- Havard



More information about the Opendnssec-user mailing list