> Thanks for the extensive report. I created an issue
> https://issues.opendnssec.org/browse/OPENDNSSEC-853 which summarizes the
> problem like this:
>
> serial_xfr_acquired time in the xfrd state file is not updated properly.
> This may cause an issue on restart if serial_xfr_acquired+expire < now.
> The zone is then not served (despite having had a recent incoming XFR
> and up to date SOA). After next XFR the zone will be served again.
>
> We'll look into it.

Thanks!

I suspect that OpenDNSSEC itself is periodically doing a "refresh" (outgoing SOA query towards the hidden master) for the zones it serves, and after a while it will have completed this for all the zones.

I observe that the "not serving soa" messages stopped after a number of hours (I restarted OpenDNSSEC around 13:00 and the last "not serving soa" message was logged 23:21 the same day), so it looks like the downstream distribution master is in reality not in danger of expiring the zones -- I'm assuming that once OpenDNSSEC has done its refresh, it has started serving the SOA records downstream as well.

Regards,

- Håvard
