hi all,
I'm testing OpenDNSSEC 1.4 now. The work I have done is to get the zone file
created from the database, then let OpenDNSSEC (192.168.1.24) sign it, and finally
send it to another server (192.168.1.25) equipped with BIND and let BIND reload
the signed zone file.
But I have not succeeded yet. My configuration files are as follows (I did not
use Inbound in addns.xml, only Outbound, so I left Inbound unchanged):
addns.xml
....
<Adapter>
    <DNS>
        <TSIG>
            <Name>secret.example.com</Name>
            <!-- http://www.iana.org/assignments/tsig-algorithm-names -->
            <Algorithm>hmac-md5</Algorithm>
            <!-- base64 encoded secret -->
            <Secret>L19PntmGH8OTnYQd+nNk+g==</Secret>
        </TSIG>
        <Inbound>
            <!-- Address of host to request XFR from -->
            <RequestTransfer>
                <!-- EXAMPLE: send request to 1.2.3.4 on the
                     default port 53 -->
                <Remote>
                    <Address>1.2.3.4</Address>
                </Remote>
                <!-- EXAMPLE: send request to dead:beef::1 on
                     port 5353, TSIG signed with secret.example.com -->
                <Remote>
                    <Address>dead:beef::1</Address>
                    <Port>5353</Port>
                    <Key>secret.example.com</Key>
                </Remote>
            </RequestTransfer>
            <!-- Allow NOTIFY messages from host -->
            <AllowNotify>
                <!-- EXAMPLE: allow notifies from 1.2.3.4 -->
                <Peer>
                    <Prefix>1.2.3.4</Prefix>
                </Peer>
            </AllowNotify>
        </Inbound>
        <Outbound>
            <!-- Provide XFR to host -->
            <ProvideTransfer>
                <!-- EXAMPLE: provide XFR to 1.2.3.5 with key
                     secret.example.com -->
                <Peer>
                    <Prefix>192.168.1.25</Prefix>
                    <Key>secret.example.com</Key>
                </Peer>
            </ProvideTransfer>
            <!-- Send NOTIFY messages to host -->
            <Notify>
                <!-- EXAMPLE: send NOTIFY to 1.2.3.5 on the
                     default port 53 -->
                <Remote>
                    <Address>192.168.1.25</Address>
                </Remote>
            </Notify>
        </Outbound>
    </DNS>
....
zonelist.xml
....
<Zone name="example.com">
    <Policy>default</Policy>
    <SignerConfiguration>/var/opendnssec/signconf/example.com.xml</SignerConfiguration>
    <Adapters>
        <Input>
            <Adapter type="File">/var/opendnssec/unsigned/example.com</Adapter>
        </Input>
        <Output>
            <Adapter type="DNS">/etc/opendnssec/addns.xml</Adapter>
        </Output>
    </Adapters>
</Zone>
....
conf.xml
....
<Signer>
    <WorkingDirectory>/var/opendnssec/tmp</WorkingDirectory>
    <WorkerThreads>4</WorkerThreads>
    <SignerThreads>4</SignerThreads>
    <Listener>
        <Interface><Port>53</Port></Interface>
    </Listener>
</Signer>
....
In the syslog, I find:
"ods-signerd: [engine] no dnshandler/listener configured, but zones are
configured with dns adapters: notify and zone transfer requests will not work
properly"
"ods-signerd: [tools] unable to read zone example.com: adapter failed (General
error)"
Is there something wrong in the configuration files? Can anybody help me to
implement AXFR from OpenDNSSEC to BIND? Thanks a lot!
P.S.
I found that there are no elements such as <ZoneFetchFile> in <Common> and
<NotifyListen> in conf.xml; maybe new documentation should be released :).
刘硕
_______________________________________________
Opendnssec-user mailing list
Opendnssec-user@lists.opendnssec.org
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
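A consistency check for the kind of setup quoted in the post, added here as an example; it is neither OpenDNSSEC code nor the poster's. It embeds the three quoted fragments as constructed strings (the wrapping `<Configuration>` and `<ZoneList>` root elements, the `Signer/Listener/Interface` path and its correspondence to the "no dnshandler/listener configured" warning are assumptions), then verifies that every zone with a DNS adapter has a signer listener, that each `<Key>` a peer references names a defined `<TSIG>`, that the secret is valid base64 of at least the digest length, and that the TSIG algorithm is not the legacy HMAC-MD5.

```python
"""Consistency checks for an OpenDNSSEC 1.4 DNS-adapter configuration.

Added example, not part of OpenDNSSEC. The XML below is constructed from the
fragments quoted in the post and given root elements so it parses on its own.
"""
import base64
import binascii
import xml.etree.ElementTree as ET

# Constructed: conf.xml <Signer> section inside an assumed <Configuration> root.
CONF_XML = """<Configuration>
  <Signer>
    <WorkingDirectory>/var/opendnssec/tmp</WorkingDirectory>
    <WorkerThreads>4</WorkerThreads>
    <SignerThreads>4</SignerThreads>
    <Listener>
      <Interface><Port>53</Port></Interface>
    </Listener>
  </Signer>
</Configuration>"""

# Constructed: zonelist.xml entry inside an assumed <ZoneList> root.
ZONELIST_XML = """<ZoneList>
  <Zone name="example.com">
    <Policy>default</Policy>
    <SignerConfiguration>/var/opendnssec/signconf/example.com.xml</SignerConfiguration>
    <Adapters>
      <Input><Adapter type="File">/var/opendnssec/unsigned/example.com</Adapter></Input>
      <Output><Adapter type="DNS">/etc/opendnssec/addns.xml</Adapter></Output>
    </Adapters>
  </Zone>
</ZoneList>"""

# Constructed: the Outbound half of addns.xml with the TSIG key as posted.
ADDNS_XML = """<Adapter>
  <DNS>
    <TSIG>
      <Name>secret.example.com</Name>
      <Algorithm>hmac-md5</Algorithm>
      <Secret>L19PntmGH8OTnYQd+nNk+g==</Secret>
    </TSIG>
    <Outbound>
      <ProvideTransfer>
        <Peer><Prefix>192.168.1.25</Prefix><Key>secret.example.com</Key></Peer>
      </ProvideTransfer>
      <Notify><Remote><Address>192.168.1.25</Address></Remote></Notify>
    </Outbound>
  </DNS>
</Adapter>"""

# RFC 8945 makes HMAC-SHA256 mandatory to implement and leaves HMAC-MD5 optional.
LEGACY_TSIG_ALGORITHMS = {"hmac-md5", "hmac-md5.sig-alg.reg.int"}
# An HMAC key shorter than the digest output weakens the MAC; use that as the floor.
DIGEST_LEN = {"hmac-md5": 16, "hmac-sha1": 20, "hmac-sha256": 32, "hmac-sha512": 64}


def zones_using_dns_adapters(zonelist_xml):
    """Return the names of zones whose input or output adapter has type DNS."""
    root = ET.fromstring(zonelist_xml)
    names = []
    for zone in root.iter("Zone"):
        adapters = zone.findall("./Adapters/*/Adapter")
        if any(a.get("type", "").lower() == "dns" for a in adapters):
            names.append(zone.get("name"))
    return names


def listener_configured(conf_xml):
    """True if conf.xml declares at least one <Signer><Listener><Interface>."""
    root = ET.fromstring(conf_xml)
    return root.find("./Signer/Listener/Interface") is not None


def check_tsig(addns_xml):
    """Return findings about the TSIG keys and the peers that reference them."""
    root = ET.fromstring(addns_xml)
    findings, keys = [], {}
    for tsig in root.iter("TSIG"):
        name = tsig.findtext("Name", "").strip()
        alg = tsig.findtext("Algorithm", "").strip().lower()
        keys[name] = alg
        try:
            raw = base64.b64decode(tsig.findtext("Secret", "").strip(), validate=True)
        except (binascii.Error, ValueError):
            findings.append(f"{name}: secret is not valid base64")
            continue
        if alg in LEGACY_TSIG_ALGORITHMS:
            findings.append(f"{name}: {alg} is a legacy algorithm; prefer hmac-sha256")
        if len(raw) < DIGEST_LEN.get(alg, 32):
            findings.append(f"{name}: secret is only {len(raw)} bytes, shorter than the digest")
    # Every <Key> used by a peer or remote must name a key defined in <TSIG>.
    for ref in root.iter("Key"):
        if (ref.text or "").strip() not in keys:
            findings.append(f"peer references undefined key {(ref.text or '').strip()}")
    return findings


def check_setup(conf_xml, zonelist_xml, addns_xml):
    """Run all checks; an empty list means the three files are consistent."""
    findings = []
    dns_zones = zones_using_dns_adapters(zonelist_xml)
    if dns_zones and not listener_configured(conf_xml):
        findings.append("zones %s use DNS adapters but <Signer><Listener> is missing"
                        % ", ".join(dns_zones))
    findings.extend(check_tsig(addns_xml))
    return findings


if __name__ == "__main__":
    for line in check_setup(CONF_XML, ZONELIST_XML, ADDNS_XML) or ["no findings"]:
        print(line)
```

On the quoted configuration the only finding is the legacy hmac-md5 algorithm; the listener check passes because the posted conf.xml does declare one, so the checker confirms the files agree with each other rather than explaining the syslog warning. Removing the `<Interface>` element reproduces the listener finding, which is the situation the first syslog line describes.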