[Opendnssec-user] Re: Zone stuck, not updating

Fred.Zwarts F.Zwarts at KVI.nl
Mon Oct 27 11:22:34 UTC 2014

We have 12 zones and we see this situation a few times per week. We have 
developed a cron script which compares the serial of the unsigned DNS server 
with the serial in the /var/opendns/tmp/<zone>.xfrd-state file. If a 
mismatch is detected, the work-around is to stop OpenDNSSEC, delete this 
file and restart OpenDNSSEC again.
A similar problem occurs sometimes if the unsigned zone is not changed for 
some weeks. OpenDNSSEC then does not update its state anymore. Then, after 
some days the zone expires and no outgoing zone transfers are possible 
anymore. This case is more difficult to detect before the expiration of the 
zone. The work-around is similar.

"Havard Eidnes"  schreef in bericht 
news:20141023.221714.213271382.he at uninett.no...
>I'm using DNS zone transfers in and out of OpenDNSSEC with OpenDNSSEC
>version 1.4.6.  It looks like one of the zones have become wedged, and
>OpenDNSSEC refuses to transfer a new copy, despite a new SOA being
>announced via DNS notify.  ods-signerd logs:
><timestamp+host> ods-signerd: [query] ignore notify from a.b.c.d: zone 
>xxx.yyy.no transfer in progress
>What makes it think it's currently transferring the zone, and is there
>something I can do to clear that state?  I've done a full restart of
>OpenDNSSEC via "ods-control stop" and "ods-control start", to no

More information about the Opendnssec-user mailing list