Inline Signing does not update SOA?

Bischof, Ralph F. (MSFC-IS40)[NICS] ralph.bischof at nasa.gov
Mon May 7 13:54:36 UTC 2012


Hi,

I am testing with BIND 9.9.0 and inline signing. I have run into something that I cannot figure out. When I update the SOA record of the master zone file, if I reload the zone with "rndc reload", the SOA record is updated. If I perform a stop/start of the named executable, the SOA change is not updated. I can even see in the log file where the unsigned zone's serial number is incremented, yet the signed version does not change. Below you can see where I started named, stopped named, made a change in the SOA and incremented the serial number, then started named. After that, I incremented the serial number once more then performed an "rndc reload".

(Started named)
07-May-2012 08:00:00.664 general: managed-keys-zone: loaded serial 0
07-May-2012 08:00:00.664 general: zone 0.0.127.in-addr.arpa/IN: loaded serial 1
07-May-2012 08:00:00.683 general: zone nasa.gov/IN (unsigned): loaded serial 200804540
07-May-2012 08:00:00.704 general: zone nasa.gov/IN (signed): loaded serial 200804885 (DNSSEC signed)
07-May-2012 08:00:00.705 general: zone localhost/IN: loaded serial 1
07-May-2012 08:00:00.705 general: all zones loaded
07-May-2012 08:00:00.705 general: running
07-May-2012 08:00:00.719 general: zone nasa.gov/IN (signed): receive_secure_serial: unchanged
07-May-2012 08:00:00.719 general: zone nasa.gov/IN (signed): reconfiguring zone keys
07-May-2012 08:00:00.720 general: zone nasa.gov/IN (signed): next key event: 07-May-2012 09:00:00.719
(Stopped named and edited zone file 'nasa.gov')
07-May-2012 08:01:14.057 general: shutting down
07-May-2012 08:01:14.058 general: stopping command channel on 0.0.0.0#953
07-May-2012 08:01:14.064 general: exiting
(Started named)
07-May-2012 08:01:49.998 general: managed-keys-zone: loaded serial 0
07-May-2012 08:01:49.999 general: zone 0.0.127.in-addr.arpa/IN: loaded serial 1
07-May-2012 08:01:50.017 general: zone nasa.gov/IN (unsigned): loaded serial 200804541
07-May-2012 08:01:50.039 general: zone nasa.gov/IN (signed): loaded serial 200804885 (DNSSEC signed)
07-May-2012 08:01:50.039 general: zone localhost/IN: loaded serial 1
07-May-2012 08:01:50.040 general: all zones loaded
07-May-2012 08:01:50.040 general: running
07-May-2012 08:01:50.053 general: zone nasa.gov/IN (signed): receive_secure_serial: unchanged
07-May-2012 08:01:50.059 general: zone nasa.gov/IN (signed): reconfiguring zone keys
07-May-2012 08:01:50.060 general: zone nasa.gov/IN (signed): next key event: 07-May-2012 09:01:50.059
(Performed rndc reload)
07-May-2012 08:02:59.553 general: received control channel command 'reload nasa.gov'
07-May-2012 08:02:59.611 general: zone nasa.gov/IN (unsigned): loaded serial 200804542
07-May-2012 08:02:59.612 general: zone nasa.gov/IN (signed): serial 200804886 (unsigned 200804542)

Am I doing something wrong?

Thank you,
Ralph F. Bischof, Jr.
NASA Agency IPAM/DNS/DHCP
SAIC/NICS
256-544-3982
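
An added example, not part of the original post: a small Python check that replays the named log lines quoted above and reports each point where the unsigned serial advanced but the signed zone then loaded with its previous serial. The function name and regular expression are this example's own assumptions; the sample lines are copied from the log in the post.

```python
import re

# Log lines copied from the post above (restart at 08:01:50, reload at 08:02:59).
SAMPLE_LOG = """\
07-May-2012 08:00:00.683 general: zone nasa.gov/IN (unsigned): loaded serial 200804540
07-May-2012 08:00:00.704 general: zone nasa.gov/IN (signed): loaded serial 200804885 (DNSSEC signed)
07-May-2012 08:01:14.064 general: exiting
07-May-2012 08:01:50.017 general: zone nasa.gov/IN (unsigned): loaded serial 200804541
07-May-2012 08:01:50.039 general: zone nasa.gov/IN (signed): loaded serial 200804885 (DNSSEC signed)
07-May-2012 08:01:50.053 general: zone nasa.gov/IN (signed): receive_secure_serial: unchanged
07-May-2012 08:02:59.611 general: zone nasa.gov/IN (unsigned): loaded serial 200804542
07-May-2012 08:02:59.612 general: zone nasa.gov/IN (signed): serial 200804886 (unsigned 200804542)
"""

# Matches "zone <name> (unsigned|signed): [loaded ]serial <n>"; other lines are ignored.
LINE = re.compile(
    r"^(?P<ts>\S+ \S+) \S+ zone (?P<zone>\S+) \((?P<kind>unsigned|signed)\): "
    r"(?:loaded )?serial (?P<serial>\d+)")

def find_stale_signed(log_text):
    """Return (timestamp, zone, unsigned_serial, signed_serial) for every signed
    load that kept its old serial after the unsigned serial had changed."""
    last = {}     # (zone, kind) -> last serial seen
    pending = {}  # zone -> changed unsigned serial still waiting for a re-sign
    stale = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        zone, kind, serial = m["zone"], m["kind"], int(m["serial"])
        prev = last.get((zone, kind))
        if kind == "unsigned":
            # Compare with != rather than >: serials wrap (RFC 1982).
            if prev is not None and serial != prev:
                pending[zone] = serial
        elif zone in pending:
            if prev is not None and serial == prev:
                stale.append((m["ts"], zone, pending[zone], serial))
            else:
                del pending[zone]  # signed copy picked up the change
        last[(zone, kind)] = serial
    return stale

if __name__ == "__main__":
    for ts, zone, unsigned, signed in find_stale_signed(SAMPLE_LOG):
        print(f"{ts} {zone}: unsigned serial {unsigned} not reflected, signed still {signed}")
```

On the sample it flags only the restart at 08:01:50; the later "rndc reload" clears the condition because the signed serial moves to 200804886.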