Debug logging for auto-dnssec inline signing

Matthew Richardson matthew-l at
Sat Nov 9 19:00:08 UTC 2019

What "category" should one be logging in order to get details of DNSSEC
inline signing when running Bind 9.8.11?

I have an authoratitive master server with a number of domains set with:-

    inline-signing yes;
    auto-dnssec maintain;

and have a suspicion that Bind has simply stopped re-signing most of them.
This is based on monitoring of the time before expiry of signatures.

What I am looking for is the debug logging which shows Bind deciding what
needs resigning and when, as I would like to troubleshoot the issue.  My
further suspicion is that restarting Bind would fix it.

Needless to say, there are no errors in the logs.  I have tried the obvious
of turning up the "dnssec" logging to level 3, but get nothing at all so

With many thanks.

Best wishes,

More information about the bind-users mailing list