Inline-signing feature request: Directly set the signed zone's serial number

Terry Burton tez at terryburton.co.uk
Tue Oct 7 13:49:39 UTC 2014


Hi,

After reinitialising the inline-signing process (for example by
removing the journal files or redeploying the master server) the
freshly signed zone's serial number will usually be behind the
authoritative version on the slaves causing transfers to fail —
possibly leading to expired signatures, zone expiry, etc.

Currently, bumping the serial number of the unsigned zones to exceed
that of the slaves is required; however, it would be /convenient/ to
have a one-shot method (perhaps via rndc) for specifying the signed
zone serial number such that this doesn't require edits to the
unsigned zone files.

This is especially useful in bootstrapping scenarios where the zone
data is held under strict revision control or generated by some
provisioning system that "owns" the serial number.

Am I on my own with this or would others find this useful?


Thanks,

Terry


More information about the bind-users mailing list
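
The serial comparison behind the failure described in the post, as an added example that is not part of the original message and is not BIND code: secondaries (the post's slaves) compare SOA serials using RFC 1982 arithmetic, so this sketch checks whether each one would accept a transfer and computes the smallest serial that exceeds all of them. The function names are hypothetical and the serial values are constructed.

```python
# Added example: RFC 1982 serial arithmetic applied to SOA serials.
# Function names are hypothetical; sample serials are constructed.
MOD = 1 << 32    # SOA serials are 32-bit unsigned values
HALF = 1 << 31   # comparisons are only defined within half the space


def serial_compare(a, b):
    """Return 1 if a is newer than b, -1 if older, 0 if equal,
    None when the two are exactly 2**31 apart (undefined in RFC 1982)."""
    a %= MOD
    b %= MOD
    if a == b:
        return 0
    diff = (a - b) % MOD
    if diff == HALF:
        return None
    return 1 if diff < HALF else -1


def secondary_will_transfer(primary_serial, secondary_serial):
    """A secondary only pulls the zone when the primary's serial is newer."""
    return serial_compare(primary_serial, secondary_serial) == 1


def required_serial(primary_serial, secondary_serials):
    """Smallest serial that every secondary sees as newer than its own copy.
    Returns the current serial if no bump is needed, or None if no single
    value is newer than all secondaries (they are too far apart)."""
    ahead = [(s - primary_serial) % MOD for s in secondary_serials
             if not secondary_will_transfer(primary_serial, s)]
    if not ahead:
        return primary_serial % MOD
    candidate = (primary_serial + max(ahead) + 1) % MOD
    if all(secondary_will_transfer(candidate, s) for s in secondary_serials):
        return candidate
    return None


if __name__ == "__main__":
    # Constructed scenario: the signer restarts from the unsigned zone's
    # serial, while the secondaries still hold later signed versions.
    restarted = 2014100701
    secondaries = {"ns2": 2014100745, "ns3": 2014100739}
    for name, serial in secondaries.items():
        ok = secondary_will_transfer(restarted, serial)
        print(f"{name}: holds {serial}, will transfer: {ok}")
    print("bump serial to at least:",
          required_serial(restarted, secondaries.values()))
```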