dnssec updated zone data is not live ??

Alan Clegg aclegg at isc.org
Fri Dec 18 10:39:15 UTC 2009

Niobos wrote:
> On 17 Dec 2009, at 20:50, Kevin Darcy wrote:
>> Cat'ing the zone file is no longer reliable once you've enabled a
>> zone for Dynamic Update. There might be updates in the log file
>> which haven't been committed to the actual zone file yet. That's
>> why I recommended that you use an AXFR of the zone to check for
>> changes recently made.
> Or do an "rndc freeze example.net". This will stop dynamic updates to
> the zone and commit the logfile to the zonefile. Be sure to do an
> "rndc unfreeze example.net" when you're done to reenable dynamic
> updates. 

"rndc thaw [zone]" is the documented way to resume dynamic updates.

I'd also recommend getting acquainted with "named-journalprint" 
(formerly just "journalprint") which will allow you to see the deltas 
that have been made to a given zone without taking that zone into 
"frozen" state.


More information about the bind-users mailing list