[Opendnssec-user] received bad xfr packet (xfr over udp incomplete)
Michael Grimm
trashcan at ellael.org
Wed Jan 31 18:21:53 UTC 2024
Michael Grimm via Opendnssec-user <opendnssec-user at lists.opendnssec.org> wrote:
> Hi,
>
> this is: opendnssec 2.1.13, nsd 4.8.0, and FreeBSD 14.0-STABLE
>
> My setup is as follows:
>
> [hidden primary nsd] -> [opendnssec] -> [public slave slave 1]
> -> [public slave slave 2]
>
> This has been working fine for years.
>
>
> Some time time ago I had to start the following workaround whenever I had to update my DNS master zonefiles (FreeBSD commands):
>
> 1) service nsd restart
> 2) opendnssec will complain about incomplete xfr [1]
> 3) service opendnssec stop
> 4) rm /usr/local/var/opendnssec/tmp/*
> 5) service opendnssec start
> 6) zonefiles become propagated to both slaves
>
> [1] Error message:
>
> ods-signerd[26571]: [xfrd] bad packet: zone XXX.XXX received bad xfr packet (xfr over udp incomplete)
>
> Any input on how to debug this issue is highly appreciated, as I couldn't find this error message at Google.
>
> Thanks and regards,
> Michael
Nobody has had similar differences?
> ods-signerd[26571]: [xfrd] bad packet: zone XXX.XXX received bad xfr packet (xfr over udp incomplete)
Is it possible to configure XFR to use tcp instead of udp?
And: Why would XFR *not* work after updating zonefiles, *but* work after removal of all those files?
Any help is highly appreciated.
Thanks and regards,
Michael
More information about the Opendnssec-user
mailing list