[Opendnssec-user] Version 1.4.7 IXFR problems

Jan-Piet Mens jpmens.dns at gmail.com
Tue Aug 11 13:40:06 UTC 2015 

> It would be nice if there would be a switch to disable IXFR in
> opendnssec as well.

I concur. Using NSD 4.1.3 I also see issues with IXFR running against
OpenDNSSEC 1.4/devel. Some examples:

 nsd[20457]: info: xfrd: zone m04 bad transfer 6 from 192.168.1.110

===

 nsd[20458]: warning: diff: RR <m04., RRSIG> rdata element 0 differs from RR num 5 rdata (rdata data)
 nsd[20458]: warning: diff: RR <m04., RRSIG> rdata element 0 differs from RR num 6 rdata (rdata data)
 [...]
 nsd[20458]: warning: diff: RR <m04., RRSIG> rdata element 0 differs from RR num 7 rdata (rdata data)
 nsd[20458]: warning: diff: RR <m04., RRSIG> does not exist
 nsd[20458]: error: Failed to apply IXFR cleanly (deletes nonexistent RRs, adds existing RRs). Zone m04. contents is different from master, starting AXFR. Transfer received update to serial 8 at 2015-08-10T08:02:55 from 192.168.1.110
 nsd[20458]: info: zone m04. received update to serial 8 at 2015-08-10T08:02:55 from 192.168.1.110 of 9720 bytes in 0.000194 seconds
 nsd[20457]: error: xfrd: zone m04: soa serial 8 update failed, restarting transfer (notified zone)
 nsd[20457]: info: xfrd: zone m04 written received XFR packet from 192.168.1.110 with serial 8 to disk
 nsd[20457]: info: xfrd: zone m04 committed "received update to serial 8 at 2015-08-10T08:02:55 from 192.168.1.110"
 nsd[20458]: info: rehash of zone m04. with parameters 1 0 5 9a8991824201b96d
 nsd[20458]: info: zone m04. received update to serial 8 at 2015-08-10T08:02:55 from 192.168.1.110 of 4682 bytes in 0.000167 seconds
 nsd[20457]: info: zone m04 serial 7 is updated to 8.

===

 nsd[19726]: info: notify for m04. from 192.168.1.110
 nsd[20457]: info: xfrd: zone m04 written received XFR packet from 192.168.1.110 with serial 32 to disk
 nsd[20457]: info: xfrd: zone m04 written received XFR packet from 192.168.1.110 with serial 32 to disk
 nsd[20457]: info: xfrd: zone m04 written received XFR packet from 192.168.1.110 with serial 32 to disk
 nsd[20457]: info: xfrd: zone m04 written received XFR packet from 192.168.1.110 with serial 32 to disk
 nsd[20457]: info: xfrd: zone m04 written received XFR packet from 192.168.1.110 with serial 32 to disk
 nsd[20457]: info: xfrd: zone m04 reverted transfer 32 from 192.168.1.110

I've given up on that and now configure NSD to use AXFR only:

        request-xfr: AXFR 192.168.1.110 NOKEY
                     ^^^^

Regards,

        -JP

More information about the Opendnssec-user mailing list