How to reset the serial number?
pettit at yahoo-inc.com
Mon Mar 26 20:25:45 UTC 2012
Did it reject the zone when you used a too-large serial number? If so then that explains why digging against the master doesn't show an updated serial.
On Mar 26, 2012, at 11:53 AM, Carlos Ribas wrote:
> I was doing some tests with DNSSEC in that zone. I used one day of signature lifetime, now it is expired. All this happen when I was trying to regenerate the signature.
> In fact, the problem is that my master did not see the serial change. If I run dig using the master I still got the old serial number,even after restart bind. Should I have to disable DNSSEC?
> Carlos Eduardo Ribas
> 2012/3/26 Chuck Swiger <cswiger at mac.com>
> On Mar 26, 2012, at 11:30 AM, Carlos Ribas wrote:
> > I accidentally changed the serial number to one bigger than 32 bits and now I'm trying to reset the serial number. Following the manual of Bind9 I tried to add 2147483647 (2ˆ31-1) to the number and reload the server, but my slave is not updating to the new zone serial number.
> Shut down the slave server(s).
> Use scp or rsync to copy over the zone file, one with a corrected serial #.
> Restart the slave server(s).
> [ Is BIND putting SOA serial #'s into a signed int? ]
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> bind-users mailing list
> bind-users at lists.isc.org
More information about the bind-users