incorrect section name: $ORIGIN
dot at dotat.at
Tue Feb 5 14:09:55 UTC 2019
@lbutlr <kremels at kreme.com> wrote:
> No. I was under the impression that when bind reloaded (rndc reload
> and/or service named stop/start and/or service named reload) and saw a
> new serial number, it would generate a new .signed file for that zone as
> part of the process of refreshing its information and notifying the
It's all incremental these days, because regenerating the signed zone from
scratch can be very expensive.
In general, if you are using modern features like update-policy and
auto-dnssec, then `named` considers that it has complete responsibility
for the zone files (because it needs to be able to update them whenever
necessary), which is why you have to explicitly freeze and thaw them.
As far as I know, inline-signing doesn't allow you to escape this
requirement, but I don't use it so I may be wrong.
> So, right now, given that I did not freeze/thaw nor did I make the edits
> via nsupdate, how do I get the .signed files to be regenerated from the
> existing example.com zone file?
Stop the server, delete the .signed and .signed.jnl files, and restart the
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
sovereignty rests with the people and authority
in a democracy derives from the people
More information about the bind-users