This page describes the default setup of OpenDNSSEC.
OpenDNSSEC manages various information on disk which includes the following
Default location: /etc/opendnssec
Signed and unsigned files managed by OpenDNSSEC. These will be used in the case of File Adapters.
/var/opendnssec/signconf - temporary files used to exchange information between the enforcer and signer components. These files should not be edited by users but are useful for debugging
If you use the DNS input adapter, the unsigned zone will not be stored in the /var/opendnssec/unsigned directory, but in the /var/opendnssec/tmp working directory. There are some files, for example if you have the zone example.com:
example.com.backup2: contains the full backup of signer configuration, signed and unsigned zone data.
For DNS Input Adapters:
example.com.xfrd: contains the to be read zone transfers.
example.com.xfrd-state: contains the state of the zone transfer (last serial, last time transferred, which name server to query next, etc).
For DNS Output Adapters:
example.com.ixfr: contains a zone transfer journal for IXFR queries.
example.com.axfr: contains the full zone transfer for AXFR queries and fallback.