[Opendnssec-user] Deleting the zone
Roman Serbski
mefystofel at gmail.com
Mon Jun 24 09:10:48 UTC 2019
Hello,
[Hidden master:192.168.7.46] <---> [OpenDNSSEC:192.168.7.47] <---> [Public slave]
The OS is FreeBSD 11.1-RELEASE with NSD 4.1.24 and OpenDNSSEC 2.1.3
both installed from ports.
I occasionally see axfr failures on the hidden master for zones that I
deleted from OpenDNSSEC, so I guess I missed some cleanup steps.
Here are log entries from the hidden master:
[2019-06-24 09:37:04.126] nsd[50181]: info: axfr for example.com. from 192.168.7.47 refused, no acl matches
example.com doesn't exist on OpenDNSSEC server:
ods-enforcer zone list | grep -i example
But ods-signerd still knows about it:
Jun 24 10:34:57 srv-sign ods-signerd: [xfrd] zone example.com request axfr to 192.168.7.46
Jun 24 10:34:57 srv-sign ods-signerd: [xfrd] bad packet: zone example.com received error code NOTAUTH from 192.168.7.46
Jun 24 10:34:57 srv-sign ods-signerd: [xfrd] bad packet: zone example.com received bad xfr packet from 192.168.7.46 (nodata)
I do see some stale files in tmp -- could this be the cause?
-rw-r--r-- 1 root opendnssec 5284 Jun 23 06:02 example.com.axfr
-rw-r--r-- 1 root opendnssec 6467 Jun 24 10:02 example.com.backup2
-rw-r--r-- 1 root opendnssec 40462 Jun 23 06:02 example.com.ixfr
And here is how I delete the zone:
ods-enforcer zone delete --zone example.com
Thank you.
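
Added example, not part of the original post: a cross-check that flags zones which still show up in the signer's xfrd requests or the master's AXFR refusals but are absent from the enforcer's zone list, using the log formats quoted above. The sample logs are constructed from those lines (example.org is invented), and the enforcer's zone names are assumed to be supplied as a plain list rather than parsed from `ods-enforcer zone list` output.

```python
import re

# Constructed sample logs, modelled on the lines quoted in the post;
# example.org is an invented zone that is still configured.
SIGNER_LOG = """\
Jun 24 10:34:57 srv-sign ods-signerd: [xfrd] zone example.com request axfr to 192.168.7.46
Jun 24 10:34:57 srv-sign ods-signerd: [xfrd] bad packet: zone example.com received error code NOTAUTH from 192.168.7.46
Jun 24 10:35:02 srv-sign ods-signerd: [xfrd] zone example.org request axfr to 192.168.7.46
"""
MASTER_LOG = """\
[2019-06-24 09:37:04.126] nsd[50181]: info: axfr for example.com. from 192.168.7.47 refused, no acl matches
"""

XFRD_REQUEST = re.compile(r"ods-signerd: \[xfrd\] zone (\S+) request axfr to \S+")
XFRD_ERROR = re.compile(
    r"ods-signerd: \[xfrd\] bad packet: zone (\S+) received error code (\S+) from")
NSD_REFUSED = re.compile(r"nsd\[\d+\]: info: axfr for (\S+) from \S+ refused")


def norm(zone):
    """Compare zone names without the trailing dot and case-insensitively."""
    return zone.rstrip(".").lower()


def orphaned_zones(signer_log, master_log, enforcer_zones):
    """Return {zone: evidence} for zones in the logs that the enforcer does not list."""
    known = {norm(z) for z in enforcer_zones}
    report = {}

    def entry(zone):
        zone = norm(zone)
        if zone in known:
            return None  # still configured: not an orphan
        return report.setdefault(
            zone, {"requests": 0, "errors": set(), "refused_by_master": 0})

    for line in signer_log.splitlines():
        req, err = XFRD_REQUEST.search(line), XFRD_ERROR.search(line)
        if req and entry(req.group(1)) is not None:
            entry(req.group(1))["requests"] += 1
        elif err and entry(err.group(1)) is not None:
            entry(err.group(1))["errors"].add(err.group(2))
    for line in master_log.splitlines():
        ref = NSD_REFUSED.search(line)
        if ref and entry(ref.group(1)) is not None:
            entry(ref.group(1))["refused_by_master"] += 1
    return report
```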