[Opendnssec-user] Re: Zone stuck, not updating
Havard Eidnes
he at uninett.no
Tue Oct 28 07:54:44 UTC 2014
> We have 12 zones and we see this situation a few times per week. We
> have developed a cron script which compares the serial of the unsigned
> DNS server with the serial in the /var/opendns/tmp/<zone>.xfrd-state
> file. If a mismatch is detected, the work-around is to stop
> OpenDNSSEC, delete this file and restart OpenDNSSEC again.
Hm. This, I think, is more frequent than what I'm seeing, but it
may be a lack of monitoring on our part...
> A similar problem occurs sometimes if the unsigned zone is not
> changed for some weeks. OpenDNSSEC then does not update its
> state anymore. Then, after some days the zone expires and no
> outgoing zone transfers are possible anymore. This case is more
> difficult to detect before the expiration of the zone. The
> work-around is similar.
This sounds strange, and I don't think we've seen this so far.
For this to happen, the signer would have to stop answering SOA
queries from the "slave" it uses for outgoing zone transfers, I
would believe; well, perhaps also in addition it'd have to stop
outgoing zone transfers from happening. Is that what you've been
seeing?
Which version of OpenDNSSEC are you running?
Regards,
- Håvard