How to reset the serial number?
Mark Pettit
pettit at yahoo-inc.com
Mon Mar 26 20:25:45 UTC 2012
Did it reject the zone when you used a too-large serial number? If so then that explains why digging against the master doesn't show an updated serial.
On Mar 26, 2012, at 11:53 AM, Carlos Ribas wrote:
> Hello,
>
> I was doing some tests with DNSSEC in that zone. I used one day of signature lifetime, now it is expired. All this happen when I was trying to regenerate the signature.
>
> In fact, the problem is that my master did not see the serial change. If I run dig using the master I still got the old serial number,even after restart bind. Should I have to disable DNSSEC?
>
> Regards,
>
> ---------------------------------
> Carlos Eduardo Ribas
>
>
> 2012/3/26 Chuck Swiger <cswiger at mac.com>
> On Mar 26, 2012, at 11:30 AM, Carlos Ribas wrote:
> > I accidentally changed the serial number to one bigger than 32 bits and now I'm trying to reset the serial number. Following the manual of Bind9 I tried to add 2147483647 (2ˆ31-1) to the number and reload the server, but my slave is not updating to the new zone serial number.
>
> Shut down the slave server(s).
> Use scp or rsync to copy over the zone file, one with a corrected serial #.
> Restart the slave server(s).
>
> [ Is BIND putting SOA serial #'s into a signed int? ]
>
> Regards,
> --
> -Chuck
>
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
More information about the bind-users
mailing list