moving DNSSEC to a hidden master

Alan Clegg alan at
Sat Oct 12 17:59:33 UTC 2013

On Oct 11, 2013, at 10:54 PM, David Newman <dnewman at> wrote:

> 4. "Check that the new server is working and you can update
> the zone by using nsupdate."
> This is where things fall apart. I run 'rndc freeze' and increment the
> zone file's serial number (or make any other change), and then run 'rndc
> thaw' and 'rndc reload'.
> There's no change in serial number, and there's no error reported in the
> logs.
> What am I missing?

What log messages are you getting from named?  What is the "zone" entry in your named.conf that relates to the zone in question?

I would strongly recommend forgetting all about "freeze the zone and edit" as a method of updating... move completely to dynamic zones if at all possible.

Alan Clegg | +1-919-355-8851 | alan at

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <>

More information about the bind-users mailing list