Hi HÃ¥vard, > Turns out that this is in response to the SOA queries it issues: > 14:49:39.571605 IP xxxx.42494 > yyyy.domain: 21758 [2au] SOA? > 58.39.128.in-addr.arpa. (140) > 14:49:39.572698 IP yyyy.domain > xxxx.42494: 21758 ServFail- 0/0/2 (140) > > Is this expected behaviour, i.e. are SOA queries not part of the > reportoire which OpenDNSSEC implements? If so, that's a surprise...
OpenDNSSEC should respond to SOA queries. There are a couple of cases where it isn't able to. See the soa request function [1]. Maybe the zone is expired? In any case you should find some hint in the logs of the signer. grep for "[axfr]" in combination with "58.39.128.in-addr.arpa". This should, according to the code provide some additional information. Best regards, Yuri [1] https://github.com/opendnssec/opendnssec/blob/1.4/master/signer/src/wire/axfr.c#L53
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
