incorrect section name: $ORIGIN
kremels at kreme.com
Tue Feb 5 13:45:15 UTC 2019
> On 5 Feb 2019, at 04:57, Tony Finch <dot at dotat.at> wrote:
> @lbutlr <kremels at kreme.com> wrote:
>> OK, then how do I get Bind9.122 to update the .signed files?
> Did you see my previous message?
I did not, sorry.
>> Are you doing `rndc freeze` and `rndc thaw` before and after editing the
>> unsigned zone file?
No. I was under the impression that when bind reloaded (rndc reload and/or service named stop/start and/or service named reload) and saw a new serial number, it would generate a new .signed file for that zone as part of the process of refreshing its information and notifying the slaves.
It appears that I need an entirely different workflow than the one I've been using for the last couple of decades of editing the zone files and reloading the DNS server.
So, to update a zone now I should either use nsupdate to make the changes, or I should rndc freeze, edit the file, rndc thaw.
>> How are you checking the signed zone?
dig +dnssec example.com @127.0.0.1
So, right now, given that I did not freeze/thaw nor did I make the edits via nsupdate, how do I get the .signed files to be regenerated from the existing example.com zone file?
Two, Four, Six, Eight! Time to Transubstantiate!