Debug logging for auto-dnssec inline signing
matthew-l at itconsult.co.uk
Sat Nov 9 19:00:08 UTC 2019
What "category" should one be logging in order to get details of DNSSEC
inline signing when running Bind 9.8.11?
I have an authoratitive master server with a number of domains set with:-
and have a suspicion that Bind has simply stopped re-signing most of them.
This is based on monitoring of the time before expiry of signatures.
What I am looking for is the debug logging which shows Bind deciding what
needs resigning and when, as I would like to troubleshoot the issue. My
further suspicion is that restarting Bind would fix it.
Needless to say, there are no errors in the logs. I have tried the obvious
of turning up the "dnssec" logging to level 3, but get nothing at all so
With many thanks.
More information about the bind-users