[Opendnssec-user] Zone updates with 1.4.14

Roman Serbski mefystofel at gmail.com
Wed Jul 5 14:20:54 UTC 2017


Hidden master (NSD 4.1.0), signer (OpenDNSSEC 1.4.6 using DNS
adapters), and public DNS (NSD 4.1.0), all under FreeBSD 10.0-STABLE.

I'm planning to update the whole setup to the latest NSD 4.1.16,
OpenDNSSEC 1.4.14, FreeBSD 11, therefore I cloned all servers and
performed an update in the lab.

Everything is working fine except that it seems that I lost automatic
zone updates performed by OpenDNSSEC. In 1.4.6, there was one update
per day, per zone. In 1.4.14 I don't see any updates for three days

My kasp.conf remained unchanged:


- if I manually bump the serial on hidden master, and reload the zone,
it's instantly reflected on the public DNS;
- automatic ZSK roll-over triggers SOA increment as well;
- shutting down OpenDNSSEC, clearing of /var/opendnssec/tmp/, and
starting OpenDNSSEC triggers updates too.

I see constant communication between the hidden master and the signer:

[2017-07-03 12:34:45.090] nsd[6547]: info: axfr for mydomain.org. from

Jul  3 12:34:45 SRV-SIGNER-CLONE ods-signerd: [xfrd] zone mydomain.org
request axfr to
Jul  3 12:34:45 SRV-SIGNER-CLONE ods-signerd: [xfrd] zone mydomain.org
got update indicating current serial 2017033002 from

But no updates between the signer and the public DNS.

Thank you in advance.

More information about the Opendnssec-user mailing list