Hi, I'm using DNS AXFR/IXFR to transfer zones out of my OpenDNSSEC installation. Today I had occasion to look a bit closer at what the downstream BIND was logging, and it logged all too frequently that OpenDNSSEC returned a "SERVFAIL" error response.
Turns out that this is in response to the SOA queries it issues:

14:49:39.571605 IP xxxx.42494 > yyyy.domain: 21758 [2au] SOA? 58.39.128.in-addr.arpa. (140)
14:49:39.572698 IP yyyy.domain > xxxx.42494: 21758 ServFail- 0/0/2 (140)
14:49:40.071747 IP xxxx.42892 > yyyy.domain: 55296 [1au] SOA? 58.39.128.in-addr.arpa. (129)
14:49:40.073077 IP yyyy.domain > xxxx.42892: 55296 ServFail- 0/0/1 (129)

Is this expected behaviour, i.e. are SOA queries not part of the repertoire which OpenDNSSEC implements? If so, that's a surprise...

This is with OpenDNSSEC 1.4.13.

Regards,

- Håvard

_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
