On Mon, Nov 3, 2014 at 1:42 PM, Havard Eidnes <h...@uninett.no> wrote:
>> Same issue here. We host ~10 zones in a "hidden master > signer >
>> public slave" setup (OpenDNSSEC 1.4.6 using DNS adapters and running
>> on FreeBSD 10). The unsigned zone that hasn't been changed for some
>> weeks expires hence outgoing zone transfers are no longer working.
>>
>> Here is the only relevant entry in the logs of the signer:
>>
>> Nov 3 10:52:20 ns-signer ods-signerd: [axfr] zone domain1.org expired, not
>> transferring zone
>>
>> And on the public slave:
>>
>> [2014-11-03 10:52:55.422] nsd[19847]: error: xfrd: zone domain1.org
>> received error code SERV FAIL from 192.168.200.11
>>
>> Although in my case, I didn't have to clear /var/opendns/tmp/<zone>
>> and restart OpenDNSSEC -- increasing the serial and reloading the zone
>> on the hidden master usually does the trick for me.
>>
>> Do you mind sharing the script that you use to compare the serials?
>
> You didn't see my later message in this thread from Friday? This
> appears to be due to a bug in OpenDNSSEC, I'm using this patch:
>
> ------------------------------
> Hm, there's no need for htonl() on values restored from a file.
> This causes IXFRs to fail, because the wrong SOA version number
> is being stuffed into the IXFR requests(!)
>
> --- signer/src/wire/xfrd.c.orig 2014-07-21 09:30:09.000000000 +0000 > +++ signer/src/wire/xfrd.c 
> @@ -265,12 +265,12 @@ xfrd_recover(xfrd_type* xfrd) > xfrd->timeout.tv_sec = timeout; > xfrd->timeout.tv_nsec = 0; > xfrd->master = NULL; /* acl_find_num(...) */ > - xfrd->soa.ttl = htonl(soa_ttl); > - xfrd->soa.serial = htonl(soa_serial); > - xfrd->soa.refresh = htonl(soa_refresh); > - xfrd->soa.retry = htonl(soa_retry); > - xfrd->soa.expire = htonl(soa_expire); > - xfrd->soa.minimum = htonl(soa_minimum); > + xfrd->soa.ttl = soa_ttl; > + xfrd->soa.serial = soa_serial; > + xfrd->soa.refresh = soa_refresh; > + xfrd->soa.retry = soa_retry; > + xfrd->soa.expire = soa_expire; > + xfrd->soa.minimum = soa_minimum; > xfrd->soa.mname[0] = xfrd_recover_dname(xfrd->soa.mname+1, > soa_mname); > xfrd->soa.rname[0] = xfrd_recover_dname(xfrd->soa.rname+1, > ------------------------------
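
Review bot: the six xfrd->soa.* assignments in xfrd_recover() carry no comment saying which byte order the struct fields hold, and that convention is the only thing that decides whether htonl() belongs here. The message says the converted serial ended up wrong in IXFR requests, so please add a one-line comment above `xfrd->soa.ttl = soa_ttl;` stating the expected representation, and confirm that the code writing the recovery file and the code filling xfrd->soa from a received SOA follow the same convention, since neither is visible in this hunk. A test that recovers a known serial and checks the value placed in the next IXFR request would keep this from regressing.
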
Many thanks Havard! Sorry, I overlooked it -- will give it a try.

Regards,
Roman