[Opendnssec-user] ODS 2.0.1 and using DNS Adapter
mje at posix.co.za
Thu Sep 8 15:15:32 UTC 2016
On 08/09/2016 17:01, Mark Elkins wrote:
> I'm having a problem with ODS 2.0.1 and I'm using the DNS Adapter.
> Setup is:
Stopped and restarted BIND on vhost1 and saw in syslog on vhost2 (ODS)
Sep 8 17:01:31 vhost2 ods-signerd: [query] ignore notify from
18.104.22.168: already got zone web.za serial 2016082001 on disk
WEB.ZA - I'm playing with that too - except its static - so I would not
expect to see a change. However, I did not see any EDU.ZA notification
of any type. WEB.ZA is otherwise set up identically to EDU.ZA on vhost1
(BIND) - so that would suggest the BIND config is correct.
Then - I ran a more verbose test (version of my script).
Transferring 'edu.za' zone ... 101 Records.
Check the Signer has not dropped any records ... Error - Differences exist:
< edu.za. txt "thisserno: 2016090806"
> edu.za. txt "thisserno: 2016090805"
Check that RRSIG (20160908153431) is still in the future:
Wall Clock GMT: 2016-09-08 15:05:15 - 1473347115 seconds
RRSIG Time GMT: 2016-09-08 15:34:31 - 1473348871 seconds
RRSIG Expire : 00:29:16 - 1756 seconds (>1170)
SOA Serial Check - differences, Unsigned: 2016090806
Checking Secured Delegation Records
All are OK - Counted 1 Secured Delegations
Check NSEC3 Chain... 3 links long
So the SOA Serial has increased - yet - its not coming through. That is
why I also copy the SOA Serial into a TXT "thisserno:" record - so I can
see the original Serial Number in the signed zone carried through from
the unsigned zone.
So the EDU.ZA zone is again stagnant.
Mark James ELKINS - Posix Systems - (South) Africa
mje at posix.co.za Tel: +27.128070590 Cell: +27.826010496
For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4230 bytes
Desc: S/MIME Cryptographic Signature
More information about the Opendnssec-user