Inline-signing feature request: Directly set the signed zone's serial number

Darcy Kevin (FCA) kevin.darcy at
Fri Oct 17 17:06:12 UTC 2014

	If you had to do this all over again, and your tools are flexible enough to handle arbitrary RRTYPEs, you might consider using a "private" RRTYPE (in the 65280-65534 range). See and/or

Repurposing HINFO for something other than expressing host-related info, is just downright confusing/surprising. Principle of Least Astonishment.

												- Kevin

-----Original Message-----
From: bind-users-bounces at [mailto:bind-users-bounces at] On Behalf Of Chris Thompson
Sent: Friday, October 17, 2014 12:23 PM
To: Bind Users Mailing List
Cc: Tony Finch
Subject: Re: Inline-signing feature request: Directly set the signed zone's serial number

On Oct 8 2014, Tony Finch wrote:

>Terry Burton <tez at> wrote:
>> This is especially useful in bootstrapping scenarios where the zone 
>> data is held under strict revision control or generated by some 
>> provisioning system that "owns" the serial number.
>Our provisioning system used to think it owned zone serial numbers, but 
>when we started signing we moved the version tag into an HINFO record.

In case anyone wonders "why HINFO?", this was because

1. No-one wants to use HINFO at a zone apex for any other reason.
2. As a very ancient type, even early Windows DNS Server implementations
   didn't object to it when slaving the zones.
3. One can put arbitrary text strings in it.

... but also for the much less reputable

4. As a low numbered type, it got sorted immediately after the apex
   SOA and NS records in a zone file normalised by "named-checkzone -D".

Well, it served me right when we later had to put an A record (sorts before
HINFO) at the apex of and I had to modify our normalised-zone-file- comparsion program to allow for that! 

Chris Thompson
Email: cet1 at

Please visit to unsubscribe from this list

bind-users mailing list
bind-users at

More information about the bind-users mailing list