[Opendnssec-user] ODS 2.0.1 and using DNS Adapter

Mark Elkins mje at posix.co.za
Thu Sep 8 15:15:32 UTC 2016

On 08/09/2016 17:01, Mark Elkins wrote:
> I'm having a problem with ODS 2.0.1 and I'm using the DNS Adapter.
> Setup is:


Stopped and restarted BIND on vhost1 and saw in syslog on vhost2 (ODS)

Sep  8 17:01:31 vhost2 ods-signerd[5085]: [query] ignore notify from already got zone web.za serial 2016082001 on disk
(received 2016082001)

WEB.ZA - I'm playing with that too - except its static - so I would not
expect to see a change. However, I did not see any EDU.ZA notification
of any type.  WEB.ZA is otherwise set up identically to EDU.ZA on vhost1
(BIND) - so that would suggest the BIND config is correct.

Then - I ran a more verbose test (version of my script).


Transferring 'edu.za' zone ...  101 Records.
Check the Signer has not dropped any records ...  Error - Differences exist:
< edu.za.   txt "thisserno: 2016090806"
> edu.za.   txt "thisserno: 2016090805"
Check that RRSIG (20160908153431) is still in the future:
  Wall Clock GMT: 2016-09-08 15:05:15 - 1473347115 seconds
  RRSIG Time GMT: 2016-09-08 15:34:31 - 1473348871 seconds
  RRSIG Expire  :            00:29:16 - 1756 seconds (>1170)
SOA Serial Check - differences, Unsigned: 2016090806
                                Signed:   2016090824
Checking Secured Delegation Records
  All are OK - Counted 1 Secured Delegations
Check NSEC3 Chain...  3 links long

So the SOA Serial has increased - yet - its not coming through. That is
why I also copy the SOA Serial into a TXT "thisserno:" record - so I can
see the original Serial Number in the signed zone carried through from
the unsigned zone.

So the EDU.ZA zone is again stagnant.

Mark James ELKINS  -  Posix Systems - (South) Africa
mje at posix.co.za       Tel: +27.128070590  Cell: +27.826010496
For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4230 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20160908/755ff3a1/attachment.bin>

More information about the Opendnssec-user mailing list