[Opendnssec-user] Two questions

Roman Serbski mefystofel at gmail.com
Tue Sep 2 12:11:35 CEST 2014


Hello,

I'm running NSD 4.0.3 as a hidden master and OpenDNSSEC 1.4.6 on a
separate server getting plain zones from the hidden master via DNS
adapters. Everything is working fine, but occasionally I get the
following in the logs of OpenDNSSEC:

Sep  2 10:33:08 srv-signer ods-signerd: [xfrd] zone domain.org request
udp/ixfr=2373323896 to 192.168.157.46
Sep  2 10:33:08 srv-signer ods-signerd: [xfrd] bad packet: zone
domain.org received error code NOTIMPL from 192.168.157.46
Sep  2 10:33:08 srv-signer ods-signerd: [xfrd] zone domain.org request
axfr to 192.168.157.46
Sep  2 10:33:08 srv-signer ods-signerd: [xfrd] zone domain.org got
update indicating current serial 2014082701 from 192.168.157.46

where 192.168.157.46 is the IP of my hidden master.

However, the zone is transferred without any problems and I do see
domain.org.axfr and domain.org.ixfr files in tmp directory. Is it
expected?

And the second question: could somebody please explain the reasons for
increasing ZSK lifetime from 30 to 90 days in the default policy?

Thank you in advance.



More information about the Opendnssec-user mailing list