recover missing journal files from running server

Phil Pennock bind-users+phil at spodhuis.org
Thu Jul 10 16:33:01 UTC 2014


Folks, in a moment of gross stupidity I added "--delete-delay" to an
rsync invocation in a deploy script, to remove master zonefiles from
the server which are no longer needed.  I forgot that the DNSSEC
auto-maintain journal files are in that directory too.

Seeing little things like this:

    deleting db.spodhuis.org.signed.jnl
    deleting db.spodhuis.org.signed
    deleting db.spodhuis.org.jnl
    deleting db.spodhuis.org.jbk

worry me.  So, I still have all of the DNSSEC keyfiles (different
directory, and in private git pushed to backup storage anyway).  I still
have a running server instance.

Is there any way to get back the on-disk state files for the
auto-maintained zones, so that I can recover from my mistake cleanly?
(There's about 20 domains).

Using `rndc sync` or `rndc sync spodhuis.org` does not recreate the
journal file.  Log file lines and `rndc zonestatus` below.

What are my options to recover?

Thanks,
-Phil


----------------------------8< cut here >8------------------------------
10-Jul-2014 16:18:49.194 general: info: zone spodhuis.org/IN (signed): next key event: 10-Jul-2014 17:18:49.192
[...]
10-Jul-2014 16:27:47.724 general: info: received control channel command 'sync spodhuis.org'
10-Jul-2014 16:27:47.724 general: info: sync: dumping zone 'spodhuis.org/IN': success
----------------------------8< cut here >8------------------------------

----------------------------8< cut here >8------------------------------
% rndc zonestatus spodhuis.org
name: spodhuis.org
type: master
files: master/db.spodhuis.org
serial: 2014070501
signed serial: 2014070525
nodes: 211
last loaded: Wed, 09 Jul 2014 00:18:47 GMT
secure: yes
inline signing: yes
key maintenance: automatic
next key event: Thu, 10 Jul 2014 17:18:49 GMT
next resign node: _443._tcp.security.spodhuis.org/CNAME
next resign time: Thu, 10 Jul 2014 18:08:35 GMT
dynamic: no
----------------------------8< cut here >8------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 455 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20140710/98123cdc/attachment.bin>


More information about the bind-users mailing list