We have 12 zones and we see this situation a few times per week. We have
developed a cron script which compares the serial of the unsigned DNS server
with the serial in the /var/opendns/tmp/<zone>.xfrd-state file. If a
mismatch is detected, the work-around is to stop OpenDNSSEC, delete this
file and restart OpenDNSSEC again.

A similar problem occurs sometimes if the unsigned zone is not changed for
some weeks. OpenDNSSEC then does not update its state anymore. Then, after
some days the zone expires and no outgoing zone transfers are possible
anymore. This case is more difficult to detect before the expiration of the
zone. The work-around is similar.

"Havard Eidnes" wrote in message
news:20141023.221714.213271382...@uninett.no...
Hi,
I'm using DNS zone transfers in and out of OpenDNSSEC with OpenDNSSEC
version 1.4.6. It looks like one of the zones has become wedged, and
OpenDNSSEC refuses to transfer a new copy, despite a new SOA being
announced via DNS notify. ods-signerd logs:
<timestamp+host> ods-signerd: [query] ignore notify from a.b.c.d: zone
xxx.yyy.no transfer in progress
What makes it think it's currently transferring the zone, and is there
something I can do to clear that state? I've done a full restart of
OpenDNSSEC via "ods-control stop" and "ods-control start", to no
avail.
_______________________________________________
Opendnssec-user mailing list
Opendnssec-user@lists.opendnssec.org
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
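
The check the reply describes, written out as an added example (it is not the poster's cron script and not OpenDNSSEC code), covering both the serial mismatch and the harder case where the serials agree but the signer has stopped refreshing. Assumptions: the xfrd-state file contains a `serial <number>` token, the file's age reflects the last successful refresh, and the overdue threshold is an arbitrary choice; the caller looks up the upstream serial and the SOA timers itself.

```python
import re

MOD = 2 ** 32  # SOA serials are 32-bit and wrap around (RFC 1982)


def serial_newer(a: int, b: int) -> bool:
    """True if serial a is newer than serial b under RFC 1982 arithmetic."""
    return 0 < (a - b) % MOD < 2 ** 31


def state_serial(state_text: str) -> int:
    """Extract the SOA serial from the text of an xfrd-state file.

    Assumption: the file holds a 'serial <number>' token. Adjust the
    pattern to the layout your OpenDNSSEC version actually writes.
    """
    m = re.search(r"\bserial\s+(\d+)\b", state_text)
    if m is None:
        raise ValueError("no serial found in state text")
    return int(m.group(1))


def check_zone(upstream_serial, state_text, state_age_s, soa_refresh, soa_expire):
    """Classify one zone as 'ok', 'stale-serial' or 'refresh-overdue'."""
    have = state_serial(state_text)
    if serial_newer(upstream_serial, have):
        # First case from the reply: the unsigned server is ahead of the
        # signer's recorded serial, so a transfer has not happened.
        return "stale-serial"
    # Second case: serials agree, but the state has not been touched for
    # several refresh intervals. Flag it well before the SOA expire timer.
    # The 3x / half-expire threshold is an assumption of this example.
    if state_age_s > min(3 * soa_refresh, soa_expire // 2):
        return "refresh-overdue"
    return "ok"


# Constructed sample state text, not captured from a real signer.
SAMPLE_STATE = "zone example.test serial 2014102301 refresh 3600 expire 604800\n"

if __name__ == "__main__":
    cases = ((2014102301, 600), (2014102302, 600), (2014102301, 90000))
    for upstream, age in cases:
        print(upstream, age, check_zone(upstream, SAMPLE_STATE, age, 3600, 604800))
```

In a cron job, `state_age_s` would come from the state file's modification time and the upstream values from an SOA query against the unsigned server.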