Hi, I'm currently trying to get a setup working, where OpenDNSSEC has to use AXFR to fetch the unsigned zone from a hidden master DNS server and should later serve these signed zones to the authorative DNS servers.
OpenDNSSEC should AXFR from a Bind server. When Bind loads the new zone, it sends the AXFR to OpenDNSSEC (bind is configured with also-notify ip/port of OpenDNSSEC). What I get in the logfile is the following (<domainame> is the correct name of the zone): Jun 24 12:40:02 h1773255 ods-signerd: Received command: 'sign <domainame>' Jun 24 12:40:02 h1773255 ods-signerd: Scheduling task to sign <domainame> at 1277375590.64 with resign time 7200 Jun 24 12:40:02 h1773255 ods-signerd: acquire cond Jun 24 12:40:02 h1773255 ods-signerd: notify Jun 24 12:40:02 h1773255 ods-signerd: release cond Jun 24 12:40:02 h1773255 ods-signerd: Releasing lock on engine Jun 24 12:40:02 h1773255 ods-signerd: Sending response: Zone scheduled for immediate resign Jun 24 12:40:02 h1773255 ods-signerd: Done handling command Jun 24 12:40:02 h1773255 ods-signerd: Client socket shut down Jun 24 12:40:02 h1773255 ods-signerd: worker 1 acquiring lock Jun 24 12:40:02 h1773255 ods-signerd: worker 1 acquired lock Jun 24 12:40:02 h1773255 ods-signerd: worker 1 released lock Jun 24 12:40:02 h1773255 ods-signerd: Got task for worker 1 Jun 24 12:40:02 h1773255 ods-signerd: Worker 1 run task Jun 24 12:40:02 h1773255 ods-signerd: Zone action to perform: 4 Jun 24 12:40:02 h1773255 ods-signerd: Fetch zone: /var/lib/opendnssec/unsigned/<domainame>.axfr Jun 24 12:40:02 h1773255 ods-signerd: Fetch zone: /var/lib/opendnssec/unsigned/<domainame>.axfr Jun 24 12:40:02 h1773255 ods-signerd: Input file missing: /var/lib/opendnssec/unsigned/<domainame> I read in the docs that zonefetch stores the AXFR result as the input file adapter plus an additional ".axfr" extension. It appears that signerd cannot find the AXFRed file. So my question is: how can I fix this? I'm using OpenDNSSEC 1.1.0.dfsg-1 on a Debian lenny (with backports). Best regards, Volker Janzen _______________________________________________ Opendnssec-user mailing list Opendnssec-user@lists.opendnssec.org https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
