with

        netstat -npla | egrep "ods\-|:15354"
                tcp        0      0 10.1.1.53:15354     0.0.0.0:*               LISTEN      12618/ods-signerd
                tcp        0      0 127.0.0.1:15354     0.0.0.0:*               LISTEN      12618/ods-signerd
                udp        0      0 10.1.1.53:15354     0.0.0.0:*                           12618/ods-signerd
                udp        0      0 127.0.0.1:15354     0.0.0.0:*                           12618/ods-signerd
                unix  2      [ ACC ]     STREAM     LISTENING     260902 12660/ods-enforcerd /var/run/opendnssec/enforcer.sock
                unix  2      [ ACC ]     STREAM     LISTENING     261964 12618/ods-signerd   /var/run/opendnssec/engine.sock
                unix  3      [ ]         STREAM     CONNECTED     262968 12660/ods-enforcerd
                unix  2      [ ]         DGRAM                    260901 12660/ods-enforcerd
                unix  3      [ ]         DGRAM                    261967 12618/ods-signerd
                unix  3      [ ]         STREAM     CONNECTED     262878 12618/ods-signerd
                unix  2      [ ]         DGRAM                    261963 12618/ods-signerd
                unix  3      [ ]         DGRAM                    261966 12618/ods-signerd

and

        /usr/local/opendnssec/sbin/ods-enforcer zone add \
         --zone example.com \
         --policy lab \
         --in-type DNS \
         --input  /usr/local/etc/opendnssec/addns.xml \
         --out-type DNS \
         --output /usr/local/etc/opendnssec/addns.xml

on exec of

        /usr/local/opendnssec/sbin/ods-signer retransfer example.com
                Zone example.com being re-transfered.

log reports the same/consistent failure by ods to send the notify to the remote,

        tail -f /var/logl/opendnssec/opendnssec.log

                Dec 27 09:45:03 dns ods-signerd: [xfrd] zone example.com request axfr to 127.0.0.1
                Dec 27 09:45:03 dns ods-signerd: [xfrd] zone example.com transfer done [notify acquired 0, serial on disk 1482857148, notify serial 0]
                Dec 27 09:45:03 dns ods-signerd: [STATS] example.com 1482860703 RR[count=1 time=0(sec)] NSEC3[count=0 time=0(sec)] RRSIG[new=1 reused=26 time=0(sec) avg=0(sig/sec)] TOTAL[time=0(sec)]
                Dec 27 09:45:03 dns ods-signerd: [notify] unable to send data over udp to 10.2.2.53: sendto() failed (Invalid argument)
                Dec 27 09:45:03 dns ods-signerd: [notify] unable to send notify retry 1 for zone example.com to 10.2.2.53: notify_send_udp() failed

further, the remote nsd's logs show no activity, and there's no traffic I can manage to see via tcpdump either locally or @ remote

otoh, if I send a 'manual' notify to the remote

        ./send-dns-notify \
         -d -d \
         -b 10.1.1.53 \
         -s 10.2.2.53 \
         -z example.com
                zone      : example.com
                nameserver: 10.2.2.53
                src_ipaddr: 10.1.1.53

there's at least an obvious connection

        --------------------------------------------------------------------------
        send notify for example.com to 10.2.2.53
        received answer from 10.2.2.53
        ;; Answer received from 10.2.2.53 (28 bytes)
        ;; HEADER SECTION
        ;;      id = 27609
        ;;      qr = 1  aa = 1  tc = 0  rd = 0  opcode = NOTIFY
        ;;      ra = 0  z  = 0  ad = 0  cd = 0  rcode  = NOERROR
        ;;      qdcount = 1     ancount = 0     nscount = 0     arcount = 0
        ;;      do = 0

        ;; QUESTION SECTION (1 record)
        ;; example.com.  IN      SOA

        ;; ANSWER SECTION (0 records)

        ;; AUTHORITY SECTION (0 records)

        ;; ADDITIONAL SECTION (0 records)
which the remote nsd4 instance sees

        [2016-12-27 17:58:53.491] nsd[28836]: info: notify for example.com. from 10.1.1.53

_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user

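The manual NOTIFY exchange dumped above (opcode NOTIFY, AA set, one SOA question, an empty NOERROR answer echoing the id) is small enough to reproduce on the wire by hand. The following is an added example, not code from the post, from OpenDNSSEC or from send-dns-notify: it builds the RFC 1996 NOTIFY request for example.com, constructs the reply a secondary such as nsd would return, and decodes the header fields in the same layout the dump prints, so the two sides of the exchange can be checked offline without any network. All function names are this example's own; the message id 27609 is taken from the dump, everything else is standard DNS wire format.

```python
import struct

# Wire-format constants (RFC 1035 header/question layout, RFC 1996 NOTIFY opcode).
OPCODE_NOTIFY = 4
TYPE_SOA = 6
CLASS_IN = 1
OPCODE_NAMES = {0: "QUERY", 1: "IQUERY", 2: "STATUS", 4: "NOTIFY", 5: "UPDATE"}
RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}


def encode_name(name):
    """Wire-encode a domain name as length-prefixed labels terminated by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError("label length must be 1..63 octets: %r" % label)
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(msg, offset):
    """Decode an uncompressed name starting at offset; returns (name, next_offset)."""
    labels = []
    while True:
        length = msg[offset]
        offset += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer not expected in a NOTIFY question")
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", offset


def build_notify(zone, msg_id):
    """Build a NOTIFY request: QR=0, opcode=4, AA=1, question = <zone> IN SOA (RFC 1996 3.7)."""
    flags = (OPCODE_NOTIFY << 11) | (1 << 10)          # opcode in bits 11-14, AA is bit 10
    header = struct.pack("!HHHHHH", msg_id, flags, 1, 0, 0, 0)
    question = encode_name(zone) + struct.pack("!HH", TYPE_SOA, CLASS_IN)
    return header + question


def build_notify_response(request):
    """Build the reply a secondary sends: same id, opcode and question; QR=1, AA=1, NOERROR, no records."""
    msg_id, flags, qdcount, _, _, _ = struct.unpack("!HHHHHH", request[:12])
    flags = (flags & 0x7800) | 0x8400                   # keep opcode, set QR and AA, clear the rest
    return struct.pack("!HHHHHH", msg_id, flags, qdcount, 0, 0, 0) + request[12:]


def parse_header(msg):
    """Decode the 12-byte header into the fields shown in the send-dns-notify dump."""
    msg_id, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    opcode = (flags >> 11) & 0xF
    rcode = flags & 0xF
    return {
        "id": msg_id,
        "qr": (flags >> 15) & 1, "aa": (flags >> 10) & 1, "tc": (flags >> 9) & 1,
        "rd": (flags >> 8) & 1, "ra": (flags >> 7) & 1, "ad": (flags >> 5) & 1,
        "cd": (flags >> 4) & 1,
        "opcode": OPCODE_NAMES.get(opcode, str(opcode)),
        "rcode": RCODE_NAMES.get(rcode, str(rcode)),
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def parse_question(msg):
    """Decode the single question following the header; returns (name, qtype, qclass)."""
    name, offset = decode_name(msg, 12)
    qtype, qclass = struct.unpack("!HH", msg[offset:offset + 4])
    return name, qtype, qclass


if __name__ == "__main__":
    # Constructed exchange: id 27609 as in the dump, zone example.com.
    request = build_notify("example.com", 27609)
    response = build_notify_response(request)
    for label, msg in (("request", request), ("response", response)):
        print(label, len(msg), "bytes", parse_header(msg), parse_question(msg))
```

A reply whose id, opcode or question differs from the request, or whose QR bit is clear, should be discarded rather than treated as an acknowledgement; the header decoder above gives exactly the fields needed for that check, which is also what to compare against the dump when a NOTIFY is answered but the primary still retries.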