Inline-signing feature request: Directly set the signed zone's serial number

Terry Burton tez at
Tue Oct 7 13:49:39 UTC 2014


After reinitialising the inline-signing process (for example by
removing the journal files or redeploying the master server) the
freshly signed zone's serial number will usually be behind the
authoritative version on the slaves causing transfers to fail —
possibly leading to expired signatures, zone expiry, etc.

Currently, bumping the serial number of the unsigned zones to exceed
that of the slaves is required, however it would be /convenient/ to
have a one-shot method (perhaps via rndc) for specifying the signed
zone serial number such that this doesn't require edits to the
unsigned zone files.

This is especially useful in bootstrapping scenarios where the zone
data is held under strict revision control or generated by some
provisioning system that "owns" the serial number.

Am I on my own with this or would others find this useful?



More information about the bind-users mailing list