On 9 Aug 2013, at 09:22, Klaus Darilion wrote: > > > On 08.08.2013 14:46, Havard Eidnes wrote: >> It seems to me that when you configure OpenDNSSEC to use DNS to >> fetch an unsigned zone and provide a signed zone, it behaves >> differently from a proper DNS server in one important aspect, namely >> that it does not appear to do periodic SOA queries towards the >> provider of the unsigned zone, and it does not appear to answer SOA >> queries itself, but rather appears to depend singularly on notify >> messages to trigger zone transfers and re-signing operations. > > AFAIK this is also with ODS 1.3 which supports incoming AXFR only. As > workaround we have a cron job with "rndc notify ..." on the Bind server to > send NOTIFYs every 5 minutes to ODS.
Hi, Matthijs (our DNS adaptor expert) is away this week and next and he can confirm when he returns.... But I do know that on the output side the DNS adaptor in OpenDNSSEC 1.4 certainly responds to SOA queries as we have just fixed a bug related to this in the upcoming 1.4.2 release: https://issues.opendnssec.org/browse/OPENDNSSEC-424 My understanding is that the input side DNS adaptor uses the refresh field on the SOA to determine when to request further zone transfers. Sara. > > regards > Klaus > _______________________________________________ > Opendnssec-user mailing list > [email protected] > https://lists.opendnssec.org/mailman/listinfo/opendnssec-user _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
