Hi Mark,
We have fixed some zone transfer related bugs in the upcoming 1.4.4
which I believe will resolve these problems. Keep an eye on our announce
list.
Best regards,
Matthijs
On 05-03-14 18:57, Mark Elkins wrote:
I'm running opendnssec (version 1.4.1) on three virtual Gentoo machines.
OpenDNSSEC is meant to be a bump on the wire...
I'm trying to sign three zones,
One small - 19 NS delegations, not much else
One medium - 630 lines in the zone - all sorts of stuff.
One Large - just under a million NS Delegations, of which about 20 have
DS records..
The large zone is logging in syslog:
ods-signerd: [worker[1]] sign zone co.za failed: processed 53355 of
54355 RRsets
ods-signerd: [worker[1]] CRITICAL: failed to sign zone co.za: General
error
ods-signerd: [worker[1]] backoff task [sign] for zone co.za with 60
seconds
ods-signerd: [engine] signer shutdown
That doesn't look good to me. Where can I find out more?
My setup is...
Box1, running BIND 9.9.4 - Master for all three domain
Box2, OpenDNSSEC. set up for NSEC3, OptOut...
Box3, running BIND 9.9.4, Slave for the three domains.
I also have the feeling that Notifies get lost from Box1 to Box2...
(unless I stop/start)
Can't "dig" Box2 (OpenDNSSEC) anymore either...
yet...
addns.xml: contains...
<ProvideTransfer>
<Peer><Prefix>::1</Prefix></Peer>
<Peer><Prefix>160.124.48.43</Prefix></Peer>
<Peer><Prefix>2001:42a0:1000:48::43</Prefix></Peer>
</ProvideTransfer>
(Can one use "0.0.0.0" as a wildcard???)
Then I stop and start and then I can "dig" again...
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
