Hi, I'm a newbie trying to find my way around OpenDNSSEC. I started with 1.3.13, and after a few failed starts and some helpful hints from the people responding to bug reports, I managed to coerce OpenDNSSEC to produce a signed zone file, using the zonefetch method, and my /var/opendnssec tree now contains the following files:

  ./signconf/156.193.in-addr.arpa.xml
  ./signconf/156.193.in-addr.arpa.xml.OLD
  ./signed/156.193.in-addr.arpa
  ./unsigned/156.193.in-addr.arpa
  ./unsigned/156.193.in-addr.arpa.axfr

Now, I've installed OpenDNSSEC version 1.4.1, and did the conversion of the Sqlite3 database, and want to start using the "axfr in" and "axfr out" adapters for this zone instead of the old signer interface which did "file in", "file out".

By the looks of it, I need to modify the zonelist.xml file, and replace the <Input><File> sections with <Input><Adapter type="DNS"> etc., and "ods-ksmutil update all" now accepts that config as valid.

However, trying to do a zone transfer from the configured consumer fails, and in the log I get

  Jul 17 22:02:06 xxxxx ods-signerd: [axfr] unable to open axfr file 156.193.in-addr.arpa.axfr for zone 156.193.in-addr.arpa

I'm thinking: Well, if the configured method needs a file with a particular name in a particular directory, it's OpenDNSSEC's job to ensure that file gets created, not mine!

What am I missing? Do I need to delete and re-add the zone? Won't that recycle the KSK key? Not that I've copied the DS, but ... Among other things, I wanted to see whether the required conversions were sufficiently documented...

(The zone file has most probably not been fetched using the input adapter, so what's in /var/opendnssec is what ODS 1.3.13 left there, since the zone file has not been updated on the master server.)

Regards,

- Håvard
