Bind 9.9.0b2 inline signing...

McConville, Kevin kmcconville at albany.edu
Tue Nov 22 18:32:43 UTC 2011


Jan-Piet, you get the Gold Star!!! You totally got it right!

If I specify a "rndc reload", the journal files never get updated and Bind loads the outdated signed file. However, if I specify an "rndc reload ualbanytest.org" - the changes get picked up and a journal file is created for the unsigned zone as well. 

-rw-rw-r-- 1 named root   1096 Nov 22 13:06 ualbanytest.org
-rw------- 1 named named   772 Nov 22 13:08 ualbanytest.org.jnl
-rw------- 1 named named 10523 Nov 22 13:16 ualbanytest.org.signed
-rw------- 1 named named 14727 Nov 22 13:08 ualbanytest.org.signed.jnl

Now, I'm guessing (hoping) that for the production release of 9.9, we can go back to using "rndc reload" without having to specify each individual zone? Currently in production we just use the "rndc reload" without specifying the zone name. Or is having to specify the zone going to be the new normal?

Thanks,

-Kevin 

Kevin McConville
University at Albany

-----Original Message-----
From: Jan-Piet Mens [mailto:jpmens at gmail.com] On Behalf Of Jan-Piet Mens
Sent: Tuesday, November 22, 2011 1:02 PM
To: McConville, Kevin
Cc: bind-users at lists.isc.org
Subject: Re: Bind 9.9.0b2 inline signing...

> 22-Nov-2011 11:25:28.320 general: notice: all zones loaded
> 22-Nov-2011 11:25:28.320 general: notice: running

This looks to me as though you've cycled the server, which isn't currently allowed. Evan pointed out recently here that it can actually corrupt the zone...

My experience is that, after changing the zone, I have to reload with the zone name explicitly given:

        rndc reload zonename

What I'd do is remove the journal and the signed version and start over. :)

        -JP




