Hello, [Hidden master:192.168.7.46] <---> [OpenDNSSEC:192.168.7.47] <---> [Public slave]
The OS is FreeBSD 11.1-RELEASE with NSD 4.1.24 and OpenDNSSEC 2.1.3 both installed from ports. I occasionally see axfr failures on the hidden master for zones that I deleted from OpenDNSSEC, so I guess I missed some cleanup steps. Here are log entries from the hidden master: [2019-06-24 09:37:04.126] nsd[50181]: info: axfr for example.com. from 192.168.7.47 refused, no acl matches example.com doesn't exist on OpenDNSSEC server: ods-enforcer zone list | grep -i example But ods-signerd still knows about it: Jun 24 10:34:57 srv-sign ods-signerd: [xfrd] zone example.com request axfr to 192.168.7.46 Jun 24 10:34:57 srv-sign ods-signerd: [xfrd] bad packet: zone example.com received error code NOTAUTH from 192.168.7.46 Jun 24 10:34:57 srv-sign ods-signerd: [xfrd] bad packet: zone example.com received bad xfr packet from 192.168.7.46 (nodata) I do see some stale files in tmp -- could this be the cause? -rw-r--r-- 1 root opendnssec 5284 Jun 23 06:02 example.com.axfr -rw-r--r-- 1 root opendnssec 6467 Jun 24 10:02 example.com.backup2 -rw-r--r-- 1 root opendnssec 40462 Jun 23 06:02 example.com.ixfr And here is how I delete the zone: ods-enforcer zone delete --zone example.com Thank you. _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
