Zone transfers can be lost forever

jean-christophe manciot actionmystique at gmail.com
Thu Oct 17 19:48:21 UTC 2019


>
> If the zone file on the primary can be edited by `named` (dynamic
> updates, signing, etc) then you need to `rndc freeze`, edit, `rndc thaw`
> instead.

I did all that, even restarted the systemd service on the primary after
noticing the issue.
Then, on *both* servers:

named-checkzone -j -D -f raw -o - sdxlive.com /etc/bind/db.sdxlive.com.signed

zone sdxlive.com/IN: loaded serial 2019101614 (DNSSEC signed)
OK



On Thu, Oct 17, 2019 at 1:41 PM Tony Finch <dot at dotat.at> wrote:

> jean-christophe manciot <actionmystique at gmail.com> wrote:
>
> > However, if I increment the serial number (SN) on the primary from
> > 2019101614 to 2019101709 and order a retransfer on the secondary with
> > "rndc retransfer sdxlive.com", I get in the logs:
> > *on the primary*:
> >
> > (serial 2019101614)
>
> Did you `rndc reload sdxlive.com` on the primary?
>
> If the zone file on the primary can be edited by `named` (dynamic
> updates, signing, etc) then you need to `rndc freeze`, edit, `rndc thaw`
> instead.
>
> Tony.
> --
> f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
> Hebrides, Bailey: Southeast backing northeast 4 to 6, occasionally 7 in
> Bailey. Rough or very rough, occasionally moderate later in Hebrides.
> Showers.
> Moderate.
>


-- 
Jean-Christophe