Open pettai opened 4 years ago
Hi,
Can you share the configuration section for this zone?
Something like:
```
rpz:
    name: "zone.test.rpz.testing.net."
    zonefile: "/etc/unbound/rpz/zone.test.rpz.testing.net"
    master: test.rpz.testing.net
    allow-notify: 193.xx.yy.zz
    rpz-action-override: passthru
    rpz-log: yes
    rpz-log-name: rpz.testing
```
I have a test-server that ended up in this state again (now on unbound 1.13.1+).
It seems to be more of an unbound-control state issue that isn't updated properly, because the expired zonefile's content is updated after a fetch + reload.
```
root@reslover-test:~# unbound-control list_auth_zones
zone3.mw.rpz.switch.ch. expired
zone3.ph.rpz.switch.ch. expired
[...]
root@reslover-test:~# unbound-control auth_zone_transfer zone3.ph.rpz.switch.ch
ok
root@reslover-test:~# unbound-control reload zone3.ph.rpz.switch.ch
ok
root@reslover-test:~# ls -l /etc/unbound/rpz/zone3.ph.rpz.switch.ch.zone
-rw-r--r-- 1 unbound unbound 2135360 Apr 20 08:22 /etc/unbound/rpz/zone3.ph.rpz.switch.ch.zone
root@reslover-test:~# head /etc/unbound/rpz/zone3.ph.rpz.switch.ch.zone
zone3.ph.rpz.switch.ch. 300 IN SOA ns1.rpz.switch.ch. dns-operation.switch.ch. 1618905613 600 300 604800 300
[...]
root@reslover-test:~# unbound-control list_auth_zones
zone3.mw.rpz.switch.ch. expired
zone3.ph.rpz.switch.ch. expired
[...]
```
This is unbound version 1.10.1~git20200407 running on Ubuntu (bionic)
Initial state:
Initiate a new transfer + reload on the expired auth zone:
After that, the state is unchanged:
A non-expired zone is updated when doing the above procedure. (I can't find any errors in the unbound log messages.)