a bit more for completeness ...

initiating UDP traffic from the ods box's shell, a query to nsd4 listening at 
10.2.2.53 -- specified in ods addns.xml as the notify target, (noting that 
recursion's not allowed -- just watching traffic),

        dig google.com @10.2.2.53
                ; <<>> DiG 9.11.0-P1 <<>> google.com @10.2.2.53
                ;; global options: +cmd
                ;; Got answer:
                ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 399
                ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
                ;; WARNING: recursion requested but not available

                ;; OPT PSEUDOSECTION:
                ; EDNS: version: 0, flags:; udp: 4096
                ;; QUESTION SECTION:
                ;google.com.                    IN      A

                ;; Query time: 43 msec
                ;; SERVER: 10.2.2.53#53(10.2.2.53)
                ;; WHEN: Mon Dec 26 17:10:23 PST 2016
                ;; MSG SIZE  rcvd: 39

following with tcpdump

        tcpdump -i tun1 udp port 53
                tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
                listening on tun1, link-type RAW (Raw IP), capture size 262144 bytes
                17:10:23.485198 IP dns.example.net.57886 > dnsext.example.net.domain: 399+ [1au] A? google.com. (51)
                17:10:23.528369 IP dnsext.example.net.domain > dns.example.net.57886: 399 Refused- 0/0/1 (39)
                ^C
                2 packets captured
                2 packets received by filter
                0 packets dropped by kernel


on exec of an ODS zone add

        /usr/local/opendnssec/sbin/ods-enforcer zone add \
         --zone example.com \
         --policy lab \
         --in-type DNS \
         --input  /usr/local/etc/opendnssec/addns.xml \
         --out-type DNS \
         --output /usr/local/etc/opendnssec/addns.xml
                input is set to /usr/local/etc/opendnssec/addns.xml.
                output is set to /usr/local/etc/opendnssec/addns.xml.
                Zone example.com added successfully

tcpdump is silent

        tcpdump -i tun1 udp port 53
                tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
                listening on tun1, link-type RAW (Raw IP), capture size 262144 bytes
                ^C
                0 packets captured
                0 packets received by filter
                0 packets dropped by kernel

_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
