rndc zonestatus meaning

Mark Andrews marka at isc.org
Fri Aug 8 06:18:48 UTC 2014 

In message <102153BEF555E7489CA5D54165C431A3013015FC at exchbsi02.ttt.co.th>, "Jittinan S
uwanruengsri" writes:
>
> Hi,
>
> 1.       #rncd zonestatus example.com
> name: example.com
> type: master
> files: /usr/local/named/zone/example.com.zone
> serial: 2013122402
> signed serial: 2013122405
> nodes: 5
> last loaded: Fri, 29 Aug 2014 08:00:15 GMT
> secure: yes
> inline signing: yes
> key maintenance: automatic
> next key event: Mon, 01 Sep 2014 04:56:09 GMT
> next resign node: ns.example.com/NSEC
> next resign time: Sat, 20 Sep 2014 19:55:13 GMT
> dynamic: yes
> frozen: no
>
> 2.       example.com.zone
> $ORIGIN .
> $TTL 86400      ; 1 day
> example.com             IN SOA  ns.example.com. hostmaster.example.com.
> (
>                                 2013122402 ; serial
>                                 86400      ; refresh (1 day)
>                                 7200       ; retry (2 hours)
>                                 604800     ; expire (1 week)
>                                 86400      ; minimum (1 day)
>                                 )
>                         NS      ns.example.com.
> $ORIGIN example.com.
> ns                      A       10.10.10.203
> sub                     NS      ns.sub
>                         DS      19264 8 1 (
>                                 EA38AD65596500B2D6A4BC04478FFD5C13FF7600
> )
>                         DS      19264 8 2 (
> A68BF3856CA9AF1A669EA10DEC8BA72E174108EEB5AA
>                                 D1CF5A3C919E5AB9B60B )
>                         DS      36579 7 1 (
>                                 83F190FDEBF79DFEC93571D2C06240834C059414
> )
>                         DS      36579 7 2 (
> EAFB90C1EB610CF566EC677A381D5F9DCAFB8B0E2B6D
> $ORIGIN sub.example.com.
> ns                      A       10.10.10.204
> $ORIGIN example.com.
> www                     A       2.2.2.2
> 3.       how does bind count number of nodes in zonestatus ?(Mine is 5)

They are counted by the database implementation.

example.com, ns.example.com, sub.example.com. ns.sub.example.com
and www.example.com would be the 5 nodes in this zone.

> 4.       What is nex key event?

This is the next time something needs to be done with respect to
the keys for this zone based on the times stored in the .private
files.  Named will re-read the keys and workout what to do at this
time.

> 5.       What is next resign node?

Next re-sign rrset would be a better description.  It is the next
RRset that is due to be re-signed based on sig-validity-interval
and the timestamps in the RRSIGs.  In the example above the NSEC
record for ns.example.com is the next RRset that needs to be
re-signed.

> 6.       Where can I get more information about DNSSec of Bind 9.10-P2
> beside BIND 9 Administrator Reference Manual because personally, I think
> it does not has detials enough?
>
>
>
> Thank You
>
> Jittinan
>
>

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

More information about the bind-users mailing list