Inline Signing does not update SOA?

Mark Andrews marka at isc.org
Mon May 7 21:54:25 UTC 2012


In message <A605629600C9A347B5881FFE16F101FB3D82823520 at NDMSSCC07.ndc.nasa.gov>, "Bischof, Ralph F. (MSFC-IS40) [NICS]" writes:
> Hi,
> 
> 	I am testing with BIND 9.9.0 and inline signing. I have run upon
> something that I cannot figure out. When I update the SOA record of
> the master zone file, if I reload the zone with "rndc reload", the SOA
> record is updated. If I perform a stop/start of the named executable,
> the SOA change is not updated. I can even see in the log file where
> the unsigned zone's serial number is incremented, yet the signed
> version does not change. Below you can see where I started named,
> stopped named, made a change in the SOA and incremented the serial
> number, then started named. After that, I incremented the serial
> number once more then performed an "rndc reload".

If you only changed the SOA serial then this is expected behaviour.
The unsigned zone's serial is less than the signed zone's serial.
Named works out what has changed in the unsigned zone apart from
the serial and applies that to the signed zone.  That said I can
see a bug where changes only to the SOA other than the serial will
be ignored.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
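
A check for the situation discussed in this thread, added here as an example (it is not code from either poster or from BIND): it compares the SOA of the unsigned zone with the SOA served from the signed zone, orders the two serials with RFC 1982 serial arithmetic, and lists the non-serial SOA fields that differ. The function names and the sample SOA strings are constructed for illustration, and timer fields are assumed to be plain seconds, as `dig +short SOA` prints them.

```python
# Added example, not BIND code: compare unsigned-zone SOA with signed-zone SOA.
SOA_FIELDS = ("mname", "rname", "serial", "refresh", "retry", "expire", "minimum")


def parse_soa(rdata):
    """Parse SOA rdata in presentation form (seven whitespace-separated fields)."""
    parts = rdata.split()
    if len(parts) != len(SOA_FIELDS):
        raise ValueError(f"expected 7 SOA fields, got {len(parts)}: {rdata!r}")
    soa = dict(zip(SOA_FIELDS, parts))
    for name in ("mname", "rname"):
        # Domain names compare case-insensitively; ignore the trailing dot.
        soa[name] = soa[name].lower().rstrip(".")
    for name in SOA_FIELDS[2:]:
        soa[name] = int(soa[name])
        if not 0 <= soa[name] < 2**32:
            raise ValueError(f"{name} out of 32-bit range: {soa[name]}")
    return soa


def serial_cmp(a, b):
    """RFC 1982 ordering: -1 if a < b, 0 if equal, 1 if a > b, None if undefined."""
    if a == b:
        return 0
    distance = (b - a) % 2**32
    if distance == 2**31:
        return None  # the RFC leaves this case undefined
    return -1 if distance < 2**31 else 1


def compare_soa(unsigned_rdata, signed_rdata):
    """Return serial ordering and any non-serial fields that differ."""
    u, s = parse_soa(unsigned_rdata), parse_soa(signed_rdata)
    drift = {f: (u[f], s[f]) for f in SOA_FIELDS
             if f != "serial" and u[f] != s[f]}
    return {"serial_order": serial_cmp(u["serial"], s["serial"]), "drift": drift}


# Constructed sample data: the unsigned file has a new minimum TTL, while the
# signed zone still serves the old one under a higher serial.
UNSIGNED = "ns1.example.com. hostmaster.example.com. 2012050702 3600 900 604800 3600"
SIGNED = "NS1.example.com. hostmaster.example.com. 2012050705 3600 900 604800 86400"

if __name__ == "__main__":
    result = compare_soa(UNSIGNED, SIGNED)
    print("unsigned vs signed serial:", result["serial_order"])
    for field, (u_val, s_val) in result["drift"].items():
        print(f"SOA {field} differs: unsigned={u_val} signed={s_val}")
```

A `serial_order` of -1 with an empty `drift` matches the expected state described in the reply; a non-empty `drift` means an SOA edit has not reached the signed zone.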


