[Opendnssec-user] SOA queries -> ServFail?

Yuri Schaeffer yuri at nlnetlabs.nl
Wed May 31 08:38:30 UTC 2017


Hi Håvard,

> Turns out that this is in response to the SOA queries it issues:
> 14:49:39.571605 IP xxxx.42494 > yyyy.domain: 21758 [2au] SOA? 58.39.128.in-addr.arpa. (140)
> 14:49:39.572698 IP yyyy.domain > xxxx.42494: 21758 ServFail- 0/0/2 (140)
> 
> Is this expected behaviour, i.e. are SOA queries not part of the
> reportoire which OpenDNSSEC implements?  If so, that's a surprise...

OpenDNSSEC should respond to SOA queries. There are a couple of cases
where it isn't able to. See the soa request function [1]. Maybe the zone
is expired? In any case you should find some hint in the logs of the
signer. grep for "[axfr]" in combination with "58.39.128.in-addr.arpa".
This should, according to the code provide some additional information.

Best regards,
Yuri


[1]
https://github.com/opendnssec/opendnssec/blob/1.4/master/signer/src/wire/axfr.c#L53

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: OpenPGP digital signature
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20170531/1abfbaa3/attachment.bin>


More information about the Opendnssec-user mailing list