"Havard Eidnes" wrote in message
news:[email protected]...
>> We have 12 zones and we see this situation a few times per week. We
>> have developed a cron script which compares the serial of the unsigned
>> DNS server with the serial in the /var/opendns/tmp/<zone>.xfrd-state
>> file. If a mismatch is detected, the work-around is to stop
>> OpenDNSSEC, delete this file and restart OpenDNSSEC again.
>
> Hm. This, I think, is more frequent than what I'm seeing, but it
> may be a lack of monitoring on our part...
>
>> A similar problem occurs sometimes if the unsigned zone is not
>> changed for some weeks. OpenDNSSEC then does not update its
>> state anymore. Then, after some days the zone expires and no
>> outgoing zone transfers are possible anymore. This case is more
>> difficult to detect before the expiration of the zone. The
>> work-around is similar.
>
> This sounds strange, and I don't think we've seen this so far.
> For this to happen, the signer would have to stop answering SOA
> queries from the "slave" it uses for outgoing zone transfers, I
> would believe; well, perhaps also in addition it'd have to stop
> outgoing zone transfers from happening. Is that what you've been
> seeing?
>
> Which version of OpenDNSSEC are you running?

1.4.6, but it happened also in earlier versions.