[Opendnssec-user] Re: Zone stuck, not updating

Roman Serbski mefystofel at gmail.com
Mon Nov 3 13:08:11 UTC 2014


On Mon, Nov 3, 2014 at 1:42 PM, Havard Eidnes <he at uninett.no> wrote:
>> Same issue here.  We host ~10 zones in a "hidden master > signer >
>> public slave" setup (OpenDNSSEC 1.4.6 using DNS adapters and running
>> on FreeBSD 10).  The unsigned zone that hasn't been changed for some
>> weeks expires hence outgoing zone transfers are no longer working.
>>
>> Here is the only relevant entry in the logs of the signer:
>>
>> Nov  3 10:52:20 ns-signer ods-signerd: [axfr] zone domain1.org expired, not transferring zone
>>
>> And on the public slave:
>>
>> [2014-11-03 10:52:55.422] nsd[19847]: error: xfrd: zone domain1.org
>> received error code SERV FAIL from 192.168.200.11
>>
>> Although in my case, I didn't have to clear /var/opendns/tmp/<zone>
>> and restart OpenDNSSEC -- increasing the serial and reloading the zone
>> on the hidden master usually does the trick for me.
>>
>> Do you mind sharing the script that you use to compare the serials?
>
> You didn't see my later message in this thread from Friday?  This
> appears to be due to a bug in OpenDNSSEC, I'm using this patch:
>
> ------------------------------
> Hm, there's no need for htonl() on values restored from a file.
> This causes IXFRs to fail, because the wrong SOA version number
> is being stuffed into the IXFR requests(!)
>
> --- signer/src/wire/xfrd.c.orig 2014-07-21 09:30:09.000000000 +0000
> +++ signer/src/wire/xfrd.c
> @@ -265,12 +265,12 @@ xfrd_recover(xfrd_type* xfrd)
>                  xfrd->timeout.tv_sec = timeout;
>                  xfrd->timeout.tv_nsec = 0;
>                  xfrd->master = NULL; /* acl_find_num(...) */
> -                xfrd->soa.ttl = htonl(soa_ttl);
> -                xfrd->soa.serial = htonl(soa_serial);
> -                xfrd->soa.refresh = htonl(soa_refresh);
> -                xfrd->soa.retry = htonl(soa_retry);
> -                xfrd->soa.expire = htonl(soa_expire);
> -                xfrd->soa.minimum = htonl(soa_minimum);
> +                xfrd->soa.ttl = soa_ttl;
> +                xfrd->soa.serial = soa_serial;
> +                xfrd->soa.refresh = soa_refresh;
> +                xfrd->soa.retry = soa_retry;
> +                xfrd->soa.expire = soa_expire;
> +                xfrd->soa.minimum = soa_minimum;
>                  xfrd->soa.mname[0] = xfrd_recover_dname(xfrd->soa.mname+1,
>                      soa_mname);
>                  xfrd->soa.rname[0] = xfrd_recover_dname(xfrd->soa.rname+1,
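Review bot: The xfrd->soa.ttl through xfrd->soa.minimum assignments in xfrd_recover() carry no comment saying which byte order these fields hold, and that missing convention is what makes an htonl() here look plausible. Suggest a one-line comment above the block stating that the soa_* values read from the backup file are stored as-is, without htonl(). It is also worth confirming that the code writing the backup file and the code building the IXFR request follow the same convention, since neither is visible in this hunk.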
> ------------------------------

Many thanks Havard! Sorry, I overlooked it -- will give it a try.

Regards,
Roman


