[Opendnssec-user] "not serving soa" warning message
he at uninett.no
Fri Oct 28 08:23:36 UTC 2016

> Thanks for the extensive report. I created an issue
> https://issues.opendnssec.org/browse/OPENDNSSEC-853 which summarizes the
> problem like this:
> serial_xfr_acquired time in the xfrd state file is not updated properly.
> This may cause an issue on restart if serial_xfr_acquired+expire < now.
> The zone is then not served (despite having had a recent incoming XFR
> and up to date SOA). After next XFR the zone will be served again.
> We'll look into it.

I suspect that OpenDNSSEC itself is periodically doing a
"refresh" (outgoing SOA query towards the hidden master) for the
zones it serves, and after a while it will have completed this
for all the zones.

I observe that the "not serving soa" messages stopped after a
number of hours (I restarted OpenDNSSEC around 13:00 and the last
"not serving soa" message was logged 23:21 the same day), so it
looks like the downstream distribution master is in reality not
in danger of expiring the zones -- I'm assuming that once
OpenDNSSEC has done its refresh, it has started serving the SOA
records downstream as well.