[Opendnssec-user] Version 1.4.7 IXFR problems

Berry A.W. van Halderen berry at nlnetlabs.nl
Tue Mar 8 11:36:29 UTC 2016


On 03/08/2016 10:59 AM, Havard Eidnes wrote:
> Me too.  I think I discussed this already under the slightly
> misleading subject "TTL clamped to minimum 3600".  It turns out that
> only change of TTL does not flag those records for inclusion in an
> IXFR, and my last message on the subject of January 22 pointed the
> finger of suspicion on a code fragment in zone_add_rr().  I've not
> seen any further comments on this, though.

We had report in slightly different form of this issue as well.
A candidate solution has been placed out for testing in the reporters
environment, and pending the outcome we want to merge this in.

We have made a pull-request which you can try as well, if you're
able to fetch it.  It is at:
  https://github.com/opendnssec/opendnssec/pull/375
This change is for the 2.0 release, but it be applied to 1.4 as well.
I've placed a patch that can be applied to 1.4 source tree in the
support issue:
  https://issues.opendnssec.org/browse/SUPPORT-186
that can be applied to the latest 1.4 release.

The issue had been reproducible at our end and relates, as our
conclusions go, to a change in the TTL only for RR records isn't
properly recognized, and skipped.  Since the issue seems to
come in different forms there remains the uncertainty that there
is just a single issue.
For OpenDNSSEC, any change and also just a TTL change is best handled
by the removal of the record and re-adding it.  The change in the pull
request works this way.

It would be nice to see this solution being confirmed so we can place
it in and possibly make a release.

Berry van Halderen




More information about the Opendnssec-user mailing list