[Opendnssec-user] Zone updates with 1.4.14

Roman Serbski mefystofel at gmail.com
Wed Jul 5 14:20:54 UTC 2017


Hello,

Hidden master (NSD 4.1.0), signer (OpenDNSSEC 1.4.6 using DNS
adapters), and public DNS (NSD 4.1.0), all under FreeBSD 10.0-STABLE.

I'm planning to update the whole setup to the latest NSD 4.1.16,
OpenDNSSEC 1.4.14, FreeBSD 11, therefore I cloned all servers and
performed an update in the lab.

Everything is working fine except that it seems that I lost automatic
zone updates performed by OpenDNSSEC. In 1.4.6, there was one update
per day, per zone. In 1.4.14 I haven't seen any updates for three days
already.

My kasp.conf remained unchanged:

<Zone>
  <PropagationDelay>PT43200S</PropagationDelay>
  <SOA>
    <TTL>PT3600S</TTL>
    <Minimum>PT3600S</Minimum>
    <Serial>datecounter</Serial>
  </SOA>
</Zone>

- if I manually bump the serial on the hidden master and reload the zone,
it's instantly reflected on the public DNS;
- automatic ZSK roll-over triggers an SOA increment as well;
- shutting down OpenDNSSEC, clearing /var/opendnssec/tmp/, and
starting OpenDNSSEC triggers updates too.

I see constant communication between the hidden master and the signer:

[2017-07-03 12:34:45.090] nsd[6547]: info: axfr for mydomain.org. from 192.168.60.203

Jul  3 12:34:45 SRV-SIGNER-CLONE ods-signerd: [xfrd] zone mydomain.org request axfr to 192.168.60.202
Jul  3 12:34:45 SRV-SIGNER-CLONE ods-signerd: [xfrd] zone mydomain.org got update indicating current serial 2017033002 from 192.168.60.202

But no updates between the signer and the public DNS.

Thank you in advance.


