Hi Rein,
I fixed the problem by stopping ods (both enforcer and signer), then I
deleted /var/opendnssec/tmp/rug.nl.xfrd-state, then I started ods again.
After that the zone was properly received and processed. (I tried this,
because of what I read in another thread earlier this month.)
So, unfortunately, it makes no sense anymore to follow your suggestion.
Sorry, I was a bit in a hurry. I hope such a zone transfer problem will not
happen again, but if it happens, I will have a look there.
Still I would like to have some better logging of notify messages and zone
transfer, or is it available at higher verbosity?
Fred.Zwarts.
-----Oorspronkelijk bericht-----
From: Rick van Rein
Sent: Thursday, May 15, 2014 22:43
To: Fred.Zwarts
Cc: opendnssec-user@lists.opendnssec.org
Subject: Re: [Opendnssec-user] Notify debugging
Hi Fred,
The /var/opendnssec/tmp/rug.nl-xfrd-state file still shows the old soa
serial 2014051506, where the unsigned system is already at 2014051520.
To me it looks as if opendnssec receives the zone, but does not process
it.
Any other ideas to diagnose this problem?
Can you have a look at /var/opendnssec/unsigned/rug.nl* ?
If the zone changes arrive (I assume the mutliple arrivals are due to zone
updates, each resulting in a NOTIFY) then you should find it there, probably
as rug.nl.axfr.
That should help you distinguish if it is a transport problem or a
signer-trigger problem.
You can manually trigger resigning to see if it is a matter of the new
arrival not triggering the signer properly, with
ods-signer sign rug.nl
-Rick
_______________________________________________
Opendnssec-user mailing list
Opendnssec-user@lists.opendnssec.org
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
