[Opendnssec-user] Re: Zone stuck, not updating
Fred.Zwarts
F.Zwarts at KVI.nl
Mon Oct 27 11:22:34 UTC 2014

We have 12 zones and we see this situation a few times per week. We have
developed a cron script which compares the serial of the unsigned DNS server
with the serial in the /var/opendns/tmp/<zone>.xfrd-state file. If a
mismatch is detected, the work-around is to stop OpenDNSSEC, delete this
file and restart OpenDNSSEC again.

A similar problem occurs sometimes if the unsigned zone is not changed for
some weeks. OpenDNSSEC then does not update its state anymore. Then, after
some days the zone expires and no outgoing zone transfers are possible
anymore. This case is more difficult to detect before the expiration of the
zone. The work-around is similar.

"Havard Eidnes" wrote in message
news:20141023.221714.213271382.he at uninett.no...
>
>Hi,
>
>I'm using DNS zone transfers in and out of OpenDNSSEC with OpenDNSSEC
>version 1.4.6. It looks like one of the zones has become wedged, and
>OpenDNSSEC refuses to transfer a new copy, despite a new SOA being
>announced via DNS notify. ods-signerd logs:
>
><timestamp+host> ods-signerd: [query] ignore notify from a.b.c.d: zone
>xxx.yyy.no transfer in progress
>
>What makes it think it's currently transferring the zone, and is there
>something I can do to clear that state? I've done a full restart of
>OpenDNSSEC via "ods-control stop" and "ods-control start", to no
>avail.
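
A sketch of the serial comparison described in the reply above, added here as an example; it is not the poster's script and not OpenDNSSEC code. The function names, the argument order and the layout of the `;;Zone:` line in the state file are assumptions, and the stop/delete/restart work-around is left to the operator.

```shell
#!/bin/sh
# Added example: detection half of the cron check described in the message.
# ASSUMPTION: <zone>.xfrd-state is a text file with a ";;Zone:" line that
# carries a "serial <n>" token, e.g. (constructed sample):
#   ;;Zone: name example.test ttl 3600 mname ns1.example.test. ... serial 2014102301 ...
# Check a state file from your own installation before relying on this.

# Print the SOA serial recorded in a state file; return non-zero if none found.
state_serial() {   # $1 = path to <zone>.xfrd-state
    [ -r "$1" ] || return 1
    awk '/^;;Zone:/ {
             for (i = 1; i < NF; i++)
                 if ($i == "serial" && $(i+1) ~ /^[0-9]+$/) { print $(i+1); found = 1; exit }
         }
         END { exit !found }' "$1"
}

# Ask the unsigned server directly for the zone's current SOA serial.
upstream_serial() {   # $1 = zone, $2 = address of the unsigned DNS server
    dig +short +norecurse SOA "$1" "@$2" |
        awk 'NR == 1 && $3 ~ /^[0-9]+$/ { print $3; ok = 1 } END { exit !ok }'
}

# Return 0 = serials agree, 1 = signer holds a different serial, 2 = cannot tell.
compare_serials() {   # $1 = upstream serial, $2 = state file
    have=$(state_serial "$2") || return 2
    case "$1" in ''|*[!0-9]*) return 2 ;; esac
    [ "$1" = "$have" ] && return 0
    echo "serial mismatch: upstream=$1 xfrd-state=$have file=$2" >&2
    return 1
}

# Cron entry point: xfrd-check.sh <server> <state-dir> <zone>...
# Anything written to stderr is mailed by cron; exit status is 1 on any problem.
if [ "$#" -ge 3 ]; then
    server=$1; dir=$2; shift 2
    status=0
    for zone in "$@"; do
        want=$(upstream_serial "$zone" "$server") || want=
        compare_serials "$want" "$dir/$zone.xfrd-state" || {
            echo "$zone: check failed, inspect before restarting the signer" >&2
            status=1
        }
    done
    exit "$status"
fi
```

A single mismatch can also mean a transfer is legitimately in flight, so it is worth alerting only when the same zone fails on two consecutive runs.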