inline-signing: SOA serial out of sync

Matthew Pounsett matt at conundrum.com
Thu Jun 14 13:44:38 UTC 2018


On 14 June 2018 at 06:27, Axel Rau <Axel.Rau at chaos1.de> wrote:

>
> On 07.06.2018 at 13:36, Axel Rau <Axel.Rau at chaos1.de> wrote:
>
>
> occasionally named 9.11.3 fails to increment SOA serial like here:
>
> file: 2018060605 dns: 2018060604
>
>
> It just happened again. An included zone file has been changed from 2 TLSA
> RRs to one:
> - - -
> _443._tcp.git.nussberg.de. 3600 IN TLSA 3 0 1 DAE0AC343A6694DEAF0BAB42FC8A6B1F82E42799654BD667B458DC91655C6AB4
> - - -
> After reload no TLSAs are picked up by the server:
> - - -
> [hermes:local/etc/rc.d] root# dig AXFR nussberg.de. @localhost | grep TLSA
> [hermes:local/etc/rc.d] root#
>

This now sounds very different from the original report.  Are you saying
that the zone started with two TLSA records, you changed it to have only
one, reloaded the zone, but then none were present?

That's a very different problem from just not picking up a zone update.

Have you checked the logs for errors during zone loading?