Hi Matthijs, thanks for your reply.
> If there is no .axfr file, it cannot be moved to be the designated > unsigned input file. Was the transfer successful? This was the correct question. bind was sending notifies, but no sign of a client trying to AXFR. I did not notice that before because I was trying to force signing via command line too. Investigating with netstat I found out that my NotifyListen directives in zonefetch.xml do not result in someone listening on the IP/port combination. I'm using these zonefetch.xml settings: <!-- where to listen for notifies --> <!-- DEFAULT: do not listen to notify on specific address --> <NotifyListen><IPv4>myFirstIP</IPv4><Port>1234</Port></NotifyListen><NotifyListen><IPv4>mySecondIP</IPv4><Port>53</Port></NotifyListen> (Just the first NotifyListen does not make a difference) Changing the port to a higher number (I let OpenDNSSEC drop root priviledges) does not have an effect either. zonefetch.xml is also activated in conf.xml by <ZoneFetchFile>/etc/opendnssec/zonefetch.xml</ZoneFetchFile> Do you have any ideas what I need to check to find out what's wrong? Best regards, Volker Janzen _______________________________________________ Opendnssec-user mailing list Opendnssec-user@lists.opendnssec.org https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
