BIND-9.16.1 & KASP
each at isc.org
Mon Apr 13 18:54:36 UTC 2020
On Mon, Apr 13, 2020 at 02:22:53PM +0200, Mark Elkins wrote:
> Question - What are the "TYPE65534" records? What are they saying? I am
> using "DiG 9.16.1" so surprised it doesn't know.
This is a mechanism named uses to keep track of the status of zone
signing operations, so that if there's a crash or power outage before
signing is complete, it'll know which step it needs to resume on. To
see the status in a human-readable form, use "rndc signing -list <zone>".
If it says signing is complete, you're free to remove the records
with "rndc signing -clear all <zone>".
> My zone's '$TTL' is 1200... so I would have thought the CDS record would
> have appeared by now.
> I "signed" the zone at Apr 12 21:27 +02:00 and it's now 16 hours later. I
> thought the biggest delay factor is the zone's $TTL, often set to one day.
I'm... not sure CDS is published automatically yet. I'd have to check to be
sure, but I think that's coming in a future release.
> Looks like the SOA Serial Number still needs to be maintained manually.
> Was expecting a more OpenDNSSEC approach. Would love an automated
> YYYYMMDDxx number - date it was last 'modified'. Would be perfect for
> small zones that are rarely updated.
I think the zone option "serial-update-method date;" does this. (I haven't
tested it with dnssec-policy though.)
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.
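
Added example, not part of the original message and not ISC code: a Python decoder for TYPE65534 records as dig prints them (RFC 3597 generic form), to show what the signing-status records discussed above contain. It assumes the five-octet layout described in the BIND ARM (algorithm, key id, removal flag, complete flag); the sample lines and the function names are constructed for illustration.

```python
import re

# dig prints a type it has no name for in RFC 3597 generic form:
#   <owner> <ttl> IN TYPE65534 \# <length> <hex>
RDATA_RE = re.compile(r"\bTYPE65534\s+\\#\s+(\d+)((?:\s+[0-9A-Fa-f]+)*)\s*$")

# Constructed sample lines (not taken from the thread).
SAMPLE = [
    r"example.com. 0 IN TYPE65534 \# 5 0D1A2B0001",  # key 6699, complete
    r"example.com. 0 IN TYPE65534 \# 5 0D30390000",  # key 12345, in progress
]

def parse_private_record(line):
    """Decode one TYPE65534 line into a dict describing the signing state."""
    m = RDATA_RE.search(line.strip())
    if not m:
        raise ValueError("not a TYPE65534 record in RFC 3597 form")
    rdata = bytes.fromhex("".join(m.group(2).split()))
    if len(rdata) != int(m.group(1)):
        raise ValueError("declared RDATA length does not match the hex data")
    if len(rdata) != 5 or rdata[0] == 0:
        # A zero first octet marks an NSEC3 chain change; not decoded here.
        return {"kind": "other", "raw": rdata.hex()}
    return {
        "kind": "signing",
        "algorithm": rdata[0],                           # DNSSEC algorithm number
        "key_id": int.from_bytes(rdata[1:3], "big"),     # network byte order
        "removing": rdata[3] != 0,                       # signatures being removed
        "complete": rdata[4] != 0,                       # operation has finished
    }

def pending_keys(lines):
    """Key ids whose signing or removal is still in progress."""
    records = [parse_private_record(line) for line in lines]
    return [r["key_id"] for r in records
            if r["kind"] == "signing" and not r["complete"]]

if __name__ == "__main__":
    for line in SAMPLE:
        print(parse_private_record(line))
    print("still pending:", pending_keys(SAMPLE))
```

An empty list from pending_keys corresponds to the state in which the message says the records can be cleared with "rndc signing -clear all <zone>".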