OT: Bind 9.9.0B1 Inline-Signing Question

Jan-Piet Mens jpmens.dns at gmail.com
Fri Nov 11 11:42:28 UTC 2011


> So the error being logged isn't really an error, it just looks like
> one; we should probably see about silencing it.

The error is indeed confusing, maybe it should say "not yet signed"?

11-Nov-2011 12:32:35.838 zone inline.aa/IN/internal (unsigned): loaded serial 2
11-Nov-2011 12:32:35.838 zone inline.aa/IN/internal (signed): not loaded due to errors.

> When you modify your static zone file and run 'rndc reload', named
> will detect the changes that you've made via the same mechanism as
> ixfr-from-differences, generate signatures for the new records, and
> add those to the signed version of the zone automatically.

Almost. rndc reload behaviour has apparently changed. What actually
happens on my copy of BIND 9.9.0b1 is:

        $ rndc reload
        rndc: 'reload' failed: up to date
        $ echo $?
        1

named (running with -g) shows:

11-Nov-2011 12:36:08.377 zone inline.aa/IN/internal (signed): (master) removed
11-Nov-2011 12:36:08.378 reloading configuration succeeded
11-Nov-2011 12:36:08.378 reloading zones failed: up to date

(The message "(master) removed" may cause the odd heart attack... :-)

        $ rndc reload inline.aa
        zone reload successful
        $ echo $?
        0

Named then prints:

11-Nov-2011 12:38:16.911 received control channel command 'reload inline.aa'
11-Nov-2011 12:38:16.912 zone inline.aa/IN/internal (unsigned): loaded serial 3
11-Nov-2011 12:38:16.912 zone inline.aa/IN/internal (signed): loaded serial 5 (DNSSEC signed)
11-Nov-2011 12:38:16.912 zone inline.aa/IN/internal (signed): reconfiguring zone keys
11-Nov-2011 12:38:16.913 zone inline.aa/IN/internal (signed): next key event: 11-Nov-2011 13:38:16.913

A second (futile) reload:

        $ rndc reload inline.aa
        zone reload up-to-date
        $ echo $?
        0

Regards,

        -JP
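
An added example, not part of the original message: a Python parser for the named log lines quoted above that reports zones whose unsigned version has loaded while the signed version has not, which is the state logged at startup in this thread. The function names are hypothetical, and the log format is assumed only from the lines shown in this message.

```python
import re

# Per-zone named log line: "<date> <time> zone <name>/<class>/<view> (<version>): <msg>"
ZONE_LINE = re.compile(
    r"^\S+ \S+ zone (?P<zone>\S+?)/(?P<cls>[A-Z]+)/(?P<view>\S+) "
    r"\((?P<ver>unsigned|signed)\): (?P<msg>.*)$"
)
LOADED = re.compile(r"loaded serial (?P<serial>\d+)")

# Log lines copied from the message above (startup, then 'rndc reload inline.aa').
STARTUP_LOG = """\
11-Nov-2011 12:32:35.838 zone inline.aa/IN/internal (unsigned): loaded serial 2
11-Nov-2011 12:32:35.838 zone inline.aa/IN/internal (signed): not loaded due to errors.
""".splitlines()
RELOAD_LOG = """\
11-Nov-2011 12:38:16.911 received control channel command 'reload inline.aa'
11-Nov-2011 12:38:16.912 zone inline.aa/IN/internal (unsigned): loaded serial 3
11-Nov-2011 12:38:16.912 zone inline.aa/IN/internal (signed): loaded serial 5 (DNSSEC signed)
""".splitlines()


def zone_status(lines):
    """Return {(zone, view): {"unsigned": state, "signed": state}}.

    state is ("loaded", serial), ("failed", message), or None if never seen.
    Later lines override earlier ones, so the result is the latest state.
    """
    status = {}
    for line in lines:
        m = ZONE_LINE.match(line.strip())
        if not m:
            continue  # not a per-zone line, e.g. control channel messages
        entry = status.setdefault((m["zone"], m["view"]),
                                  {"unsigned": None, "signed": None})
        loaded = LOADED.match(m["msg"])
        if loaded:
            entry[m["ver"]] = ("loaded", int(loaded["serial"]))
        elif m["msg"].startswith("not loaded"):
            entry[m["ver"]] = ("failed", m["msg"])
    return status


def pending_signed(status):
    """Zones whose unsigned version is loaded but whose signed version is not."""
    return sorted(key for key, v in status.items()
                  if v["unsigned"] and v["unsigned"][0] == "loaded"
                  and not (v["signed"] and v["signed"][0] == "loaded"))
```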


