Not the result I was expecting! but Ill take the credit none the less!
Tim Dykes H: 02 8006 2033 M: 041 962 0603 E: ttdykes at gmail.com On Mon, Jan 31, 2011 at 11:52 PM, Jan-Piet Mens <[email protected]> wrote: > Tim, > > > Set signer verbosity as high as possible and might see the reason the >> zone transfer is failing in syslog. >> > > Well, that was certainly helpful. In a way: :) > > $ ods-signer verbosity 9999 > $ z=c1008.aa > > $ ods-ksmutil zone add --zone $z --policy pol0 -s /tmp/o/signconf/$z -i > /tmp/o/unsigned/$z -o /tmp/o/signed/$z > $ ods-control enforcer notify > > No changes to any configs since last reported, but increase of verbosity > causes the system to AXFR the zone ??? > > > Jan 31 13:40:19 sign1 ods-signerd: received command update c1008.aa[15] > Jan 31 13:40:19 sign1 ods-signerd: cmdhandler: updating signer > configuration (c1008.aa) > Jan 31 13:40:19 sign1 ods-signerd: zone fetcher reloaded (pid=9650) > Jan 31 13:40:19 sign1 ods-signerd: read zone list file > /usr/local/stow/opendnssec-1.2.0/etc/opendnssec/zonelist.xml > Jan 31 13:40:19 sign1 ods-signerd: zone fetcher transferred zone c1008.aa > serial 1 successfully > Jan 31 13:40:19 sign1 ods-signerd: received command sign c1008.aa[13] > Jan 31 13:40:19 sign1 ods-signerd: cmdhandler: not working on zone > c1008.aa, updating zone list > Jan 31 13:40:19 sign1 ods-signerd: cmdhandler: updating signer > configuration (c1008.aa) > Jan 31 13:40:19 sign1 ods-signerd: zone fetcher reloaded (pid=9650) > Jan 31 13:40:19 sign1 ods-signerd: read zone list file > /usr/local/stow/opendnssec-1.2.0/etc/opendnssec/zonelist.xml > Jan 31 13:40:19 sign1 ods-signerd: zone fetcher reloaded (pid=9650) > Jan 31 13:40:19 sign1 ods-signerd: fetch zone c1008.aa > Jan 31 13:40:19 sign1 ods-signerd: read zone c1008.aa from input file > adapter /tmp/o/unsigned/c1008.aa > Jan 31 13:40:19 sign1 ods-signerd: zone c1008.aa set SOA TTL to 600 > Jan 31 13:40:19 sign1 ods-signerd: zone c1008.aa set SOA MINIMUM to 600 > Jan 31 13:40:20 sign1 ods-signerd: publish dnskeys to zone c1008.aa > Jan 31 13:40:20 sign1 ods-signerd: zone c1008.aa set DNSKEY TTL to 3600 > Jan 31 13:40:20 sign1 ods-signerd: zone c1008.aa set DNSKEY TTL to 3600 > Jan 31 13:40:20 sign1 ods-signerd: update zone c1008.aa > Jan 31 13:40:20 sign1 ods-signerd: zone c1008.aa updated to serial > 2011013100 > Jan 31 13:40:20 sign1 ods-signerd: nsecify zone c1008.aa > Jan 31 13:40:21 sign1 ods-signerd: sign zone c1008.aa > ----------- JP: signed c1008.aa in /tmp/o/signed/c1008.aa -------- > Jan 31 13:40:26 sign1 ods-signerd: zone c1008.aa signed, new serial > 2011013100 > Jan 31 13:40:26 sign1 ods-signerd: write zone c1008.aa serial 2011013100 > > I then set verbosity to 0, and the initial AXFR for a new zone fails. > > Verbosity 0 through 4 fails > Verbosity 5 transfers the zone. That would appear to be a bug. > > -JP >
_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
