[Pdns-users] Slaves do not return RRSIGs when DO flag is set
Julian K.
jk+powerdns at digineo.de
Tue Aug 5 15:52:05 UTC 2014
Dead pdns users,
I am running a powerdns master with bind backend and a bind-dnssec-db.
Two superslaves receive their zones from the master using zone transfer.
After securing a zone and incrementing the serial, the master returns
RRSIG records if the DO flag is set, but the slaves do not:
|`dig @ns1.digineo.de ssl-tools.net +dnssec`| DOES return the RRSIG
entry (live sigining master)
|`d||ig @ns2.digineo.de ssl-tools.net +dnssec`| does NOT return the
RRSIG entry (slave)
You can also check the results at http://dnsviz.net/d/ssl-tools.net/dnssec/
If I check the zone files on the slave servers, then RRSIG entries are
present.
If I send notifications to the slaves, then it produces the following logs:
Aug 5 17:11:08 h1988784 pdns[12055]: 1 slave domain needs checking, 0
queued for AXFR
Aug 5 17:11:08 h1988784 pdns[12055]: Received serial number updates for
1 zones, had 0 timeouts
Aug 5 17:11:08 h1988784 pdns[12055]: Domain 'ssl-tools.net' is fresh
(not presigned, no RRSIG check)
Does anynone know what is wrong with my setup?
I use pdns-server 3.3 on Ubuntu 14.04.
Kind Regards
Julian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20140805/2eb2efa8/attachment.html>
More information about the Pdns-users
mailing list