[Opendnssec-user] XFR with YADIFA: UNPROCESSABLE_MESSAGE

Djordje Antic djordje.antic at gmail.com
Tue Mar 29 23:46:08 UTC 2016


Hi,

I have a DNS setup that looks like this:

Hidden master (BIND) [xfr]-> DNSSEC signer (OpenDNSSEC) [xfr]-> 4x Public slaves (NSD, BIND, YADIFA, KNOT).

NSD, BIND and KNOT machines are receiving and serving zones without
problems, but YADIFA is not. This problem does not occur when it is set
to update directly from the hidden master, but then it loses the DNSSEC
'bump-in-the-wire' and is thus serving unsigned zones.

Versions:
BIND: 9.10.3
OpenDNSSEC 1.4.9
YADIFA 2.1.6


YADIFA log:

2016-03-29 15:22:39.127905 | server   | I | slave: example.com. AXFR query to the master
2016-03-29 15:22:39.127907 | server   | 6 | acquire: example.com. at 00007FB5017F3970 rc=3
2016-03-29 15:22:39.127927 | server   | 6 | release: example.com. at 00007FB5017F3970 rc=2
2016-03-29 15:22:39.127929 | server   | I | axfr: example.com.: transfer will be signed with key 'key2.'
2016-03-29 15:22:39.128492 | server   | 6 | acquire: example.com. at 00007FB5017F3970 rc=3
2016-03-29 15:22:39.128495 | server   | 6 | release: example.com. at 00007FB5017F3970 rc=2
2016-03-29 15:22:39.131463 | server   | D | axfr: example.com.: AXFR stream copy init failed: UNPROCESSABLE_MESSAGE
2016-03-29 15:22:39.131499 | server   | E | slave: query error for domain example.com. from master at 11.22.33.44#53: UNPROCESSABLE_MESSAGE
2016-03-29 15:22:39.131502 | server   | 6 | zone_lock(example.com. at 00007FB5017F3970, 86)
2016-03-29 15:22:39.131503 | server   | D | database_service: enqueue operation DATABASE_SERVICE_ZONE_DOWNLOADED_EVENT on example.com.: UNPROCESSABLE_MESSAGE
2016-03-29 15:22:39.131506 | server   | 6 | zone_unlock(example.com. at 00007FB5017F3970, 86)
2016-03-29 15:22:39.131507 | server   | 6 | release: example.com. at 00007FB5017F3970 rc=1
2016-03-29 15:22:39.131903 | server   | 6 | acquire: example.com. at 00007FB5017F3970 rc=2
2016-03-29 15:22:39.131905 | server   | E | database: failed to download the zone for example.com.: UNPROCESSABLE_MESSAGE
2016-03-29 15:22:39.131906 | server   | 6 | zone_lock(example.com. at 00007FB5017F3970, 89)


OpenDNSSEC log:

Mar 29 15:22:39 ods ods-signerd: [socket] handle incoming tcp connection
Mar 29 15:22:39 ods ods-signerd: [netio] handler added
Mar 29 15:22:39 ods ods-signerd: [socket] incoming tcp message
Mar 29 15:22:39 ods ods-signerd: [socket] TCP_READ: reset query
Mar 29 15:22:39 ods ods-signerd: [socket] TCP_READ: bytes transmitted 2 (received 2)
Mar 29 15:22:39 ods ods-signerd: [socket] TCP_READ: bytes transmitted 108 (received 106)
Mar 29 15:22:39 ods ods-signerd: [query] tsig OK
Mar 29 15:22:39 ods ods-signerd: [query] incoming query qtype=AXFR for zone example.com
Mar 29 15:22:39 ods ods-signerd: [acl] match 55.66.77.88
Mar 29 15:22:39 ods ods-signerd: [query] incoming axfr request for zone example.com
Mar 29 15:22:39 ods ods-signerd: [file] openfile example.com.axfr count 1
Mar 29 15:22:39 ods ods-signerd: [axfr] set soa in axfr zone example.com
Mar 29 15:22:39 ods ods-signerd: [axfr] axfr zone example.com is done
Mar 29 15:22:39 ods ods-signerd: [axfr] return part axfr zone example.com
Mar 29 15:22:39 ods ods-signerd: [socket] query processed qstate=2
Mar 29 15:22:39 ods ods-signerd: [query] add tsig ok
Mar 29 15:22:39 ods ods-signerd: [socket] TCP_READ: new tcplen 4654
Mar 29 15:22:39 ods ods-signerd: [socket] TCP_WRITE: bytes transmitted 2 (sent 2)
Mar 29 15:22:39 ods ods-signerd: [socket] TCP_WRITE: bytes transmitted 4656
Mar 29 15:22:39 ods ods-signerd: [socket] TCP_WRITE: tcplen 4654
Mar 29 15:22:39 ods ods-signerd: [socket] TCP_WRITE: sizeof tcplen 2
Mar 29 15:22:39 ods ods-signerd: [axfr] zone transfer example.com completed
Mar 29 15:22:39 ods ods-signerd: [socket] incoming tcp message
Mar 29 15:22:39 ods ods-signerd: [socket] TCP_READ: reset query
Mar 29 15:22:39 ods ods-signerd: [netio] handler removed


Regards,
Djordje


