Uploaded image for project: 'Support'
  1. Support
  2. SUPPORT-103

Problems when IXFR request comes in and no ixfr available

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: OpenDNSSEC 1.4.2
    • Fix Version/s: None
    • Component/s: Signer
    • Labels:
      None
    • Environment:

      RHEL 6
      rpms from epel repos

      Description

      Starting situation:
      signed slave has SOA 1303344380
      ODS signer has nothing (working directory cleared out)

      ODS then signs zone (Would be good if the logs had a SOA number in them!)
      Signed slave requests IXFR and gets this:
      failed while receiving responses: tsig verify failure

      This response is not correct as the tsig is correct. Doing "rndc retransfer example.com" transfers the zone correctly.
      New SOA was higher than previous one on signed slave - 1303345739, so, with no IXFR to fall back to, and AXFR should have been allowed/performed.

      ods-signer logs contain this:

      [axfr] unable to open ixfr file example.com.ixfr for zone example.com
      [axfr] axfr fallback zone example.com
      [socket] unable to handle outgoing tcp response: write() failed (Broken pipe)

        Attachments

          Activity

            People

            Assignee:
            matthijs Matthijs Mekking
            Reporter:
            andyh Andy Holdaway
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: