inline-signing: SOA serial out of sync
Axel.Rau at Chaos1.DE
Sat Jun 9 13:20:51 UTC 2018
Sorry for my late answer.
> On 07.06.2018 at 15:31, Matthew Pounsett <matt at conundrum.com> wrote:
> On 7 June 2018 at 07:36, Axel Rau <Axel.Rau at chaos1.de> wrote:
> > Hi all,
> > occasionally named 9.11.3 fails to increment SOA serial like here:
> > file: 2018060605 dns: 2018060604
> > zone file was edited by script and a rndc reload given.
> > Manual fixing requires another cycle with zone file editing:
> You don't say this clearly, but it sounds like you're reporting more than just the serial not updating. Is that correct?
> Are there actual updates to the zone that are not being picked up?
Yes, that’s the point. If the problem happens, the signing machinery is blocked until resolved manually.
I don’t know the reason. named-checkzone reported no errors, but in case of syntax errors, named behaves similarly.
> As Tony says, the serial number can differ from the file to what's served by the name server when the name server is doing automatic signing.
> Can you clarify which it is?
I hope I did (-:
There is nothing special with this zone file:
- - -
[hermes:~] root# rndc zonestatus lrau.net
files: master/signed/lrau.net/lrau.net.zone, master/signed/lrau.net/caldav.lrau.net.tlsa, master/signed/lrau.net/git3.lrau.net.tlsa, master/signed/lrau.net/git4.lrau.net.tlsa, master/signed/lrau.net/lists3.lrau.net.tlsa, master/signed/lrau.net/lists4.lrau.net.tlsa, master/signed/lrau.net/mailout3.lrau.net.tlsa, master/signed/lrau.net/mailout4.lrau.net.tlsa, master/signed/lrau.net/mx3.lrau.net.tlsa, master/signed/lrau.net/mx4.lrau.net.tlsa, master/signed/lrau.net/timap3.lrau.net.tlsa, master/signed/lrau.net/tmx3.lrau.net.tlsa, master/signed/lrau.net/acme_challenges.inc
signed serial: 2018060805
last loaded: Thu, 07 Jun 2018 10:37:34 GMT
inline signing: yes
key maintenance: automatic
next key event: Sat, 09 Jun 2018 13:08:21 GMT
next resign node: gw2.m6d2.lrau.net/NSEC
next resign time: Fri, 29 Jun 2018 21:38:07 GMT
reconfigurable via modzone: no
[hermes:local/etc/namedb] root# named-checkzone lrau.net /usr/local/etc/namedb/master/signed/lrau.net/lrau.net.zone
zone lrau.net/IN: loaded serial 2018060805
- - -
PGP-Key:29E99DD6 ☀ computing @ chaos claudius
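
A check for the condition discussed in this thread, added here as an example (not part of the original post and not BIND's own tooling): it compares the serial that named-checkzone reads from the zone file with the `serial:` and `signed serial:` fields of rndc zonestatus, using RFC 1982 serial arithmetic, and flags a file that is ahead of what named loaded. The function names and sample outputs are constructed, and the `serial:` line is assumed to be present in the zonestatus output although the excerpt above does not show it.

```shell
#!/bin/sh
# Added example: detect a zone file whose SOA serial is ahead of what named loaded.
# Sample outputs are constructed, modelled on the commands quoted in the post.
SAMPLE_CHECKZONE='zone lrau.net/IN: loaded serial 2018060605
OK'
SAMPLE_ZONESTATUS='name: lrau.net
type: master
serial: 2018060604
signed serial: 2018060604
inline signing: yes'

# Serial that named-checkzone read from the zone file.
file_serial() {
    printf '%s\n' "$1" | sed -n 's/^zone .*: loaded serial \([0-9][0-9]*\).*$/\1/p' | head -n 1
}

# Numeric field ("serial" or "signed serial") from rndc zonestatus output.
status_field() {
    printf '%s\n' "$1" | sed -n "s/^$2: \([0-9][0-9]*\)\$/\1/p" | head -n 1
}

# RFC 1982: true when serial $1 is newer than serial $2 (32-bit wraparound).
serial_newer() {
    sn_diff=$(( ($1 - $2) & 4294967295 ))
    [ "$sn_diff" -ne 0 ] && [ "$sn_diff" -lt 2147483648 ]
}

# Prints a one-line verdict; returns 0 = in sync, 1 = file not loaded, 2 = unparsable.
check_sync() {
    cs_file=$(file_serial "$1")
    cs_loaded=$(status_field "$2" "serial")
    cs_signed=$(status_field "$2" "signed serial")
    if [ -z "$cs_file" ] || [ -z "$cs_loaded" ]; then
        echo "unknown"; return 2
    fi
    if serial_newer "$cs_file" "$cs_loaded"; then
        echo "stale file=$cs_file loaded=$cs_loaded signed=${cs_signed:-n/a}"; return 1
    fi
    echo "ok file=$cs_file loaded=$cs_loaded signed=${cs_signed:-n/a}"
}

# Live use: check_sync "$(named-checkzone ZONE FILE)" "$(rndc zonestatus ZONE)"
check_sync "$SAMPLE_CHECKZONE" "$SAMPLE_ZONESTATUS" || true
```

With inline signing the signed serial may legitimately run ahead of the file, so the check only alarms when the file serial is newer than the loaded one.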