[Opendnssec-user] Zone updates with 1.4.14
Roman Serbski
mefystofel at gmail.com
Wed Jul 5 14:20:54 UTC 2017
Hello,

Hidden master (NSD 4.1.0), signer (OpenDNSSEC 1.4.6 using DNS
adapters), and public DNS (NSD 4.1.0), all under FreeBSD 10.0-STABLE.

I'm planning to update the whole setup to the latest NSD 4.1.16,
OpenDNSSEC 1.4.14, FreeBSD 11, therefore I cloned all servers and
performed an update in the lab.

Everything is working fine except that it seems that I lost automatic
zone updates performed by OpenDNSSEC. In 1.4.6, there was one update
per day, per zone. In 1.4.14 I don't see any updates for three days
already.

My kasp.conf remained unchanged:

<Zone>
    <PropagationDelay>PT43200S</PropagationDelay>
    <SOA>
        <TTL>PT3600S</TTL>
        <Minimum>PT3600S</Minimum>
        <Serial>datecounter</Serial>
    </SOA>
</Zone>

- if I manually bump the serial on hidden master, and reload the zone,
it's instantly reflected on the public DNS;
- automatic ZSK roll-over triggers SOA increment as well;
- shutting down OpenDNSSEC, clearing of /var/opendnssec/tmp/, and
starting OpenDNSSEC triggers updates too.

I see constant communication between the hidden master and the signer:

[2017-07-03 12:34:45.090] nsd[6547]: info: axfr for mydomain.org. from 192.168.60.203
Jul 3 12:34:45 SRV-SIGNER-CLONE ods-signerd: [xfrd] zone mydomain.org request axfr to 192.168.60.202
Jul 3 12:34:45 SRV-SIGNER-CLONE ods-signerd: [xfrd] zone mydomain.org got update indicating current serial 2017033002 from 192.168.60.202

But no updates between the signer and the public DNS.

Thank you in advance.