[Opendnssec-user] Deleting the zone

Roman Serbski mefystofel at gmail.com
Mon Jun 24 11:10:48 CEST 2019


Hello,

[Hidden master:192.168.7.46] <---> [OpenDNSSEC:192.168.7.47] <--->
[Public slave]

The OS is FreeBSD 11.1-RELEASE with NSD 4.1.24 and OpenDNSSEC 2.1.3
both installed from ports.

I occasionally see axfr failures on the hidden master for zones that I
deleted from OpenDNSSEC, so I guess I missed some cleanup steps.

Here are log entries from the hidden master:

[2019-06-24 09:37:04.126] nsd[50181]: info: axfr for example.com. from
192.168.7.47 refused, no acl matches

example.com doesn't exist on OpenDNSSEC server:

ods-enforcer zone list | grep -i example

But ods-signerd still knows about it:

Jun 24 10:34:57 srv-sign ods-signerd: [xfrd] zone example.com request
axfr to 192.168.7.46
Jun 24 10:34:57 srv-sign ods-signerd: [xfrd] bad packet: zone
example.com received error code NOTAUTH from 192.168.7.46
Jun 24 10:34:57 srv-sign ods-signerd: [xfrd] bad packet: zone
example.com received bad xfr packet from 192.168.7.46 (nodata)

I do see some stale files in tmp -- could this be the cause?

-rw-r--r--  1 root        opendnssec   5284 Jun 23 06:02 example.com.axfr
-rw-r--r--  1 root        opendnssec   6467 Jun 24 10:02 example.com.backup2
-rw-r--r--  1 root        opendnssec  40462 Jun 23 06:02 example.com.ixfr

And here is how I delete the zone:

ods-enforcer zone delete --zone example.com

Thank you.


More information about the Opendnssec-user mailing list