Bind 9.11.13 - inline re-signing stops

[Tony Finch]

Matthew Richardson <matthew-l at itconsult.co.uk> wrote:

> Having upgraded to 9.11.15 I am still seeing similar problems, where some
> zones stop updating their signatures.

I recently had a signing problem on my toy server which I think was
caused by a cockup with `rndc freeze`. It was not easy to get named to
re-start re-signing the zones properly :-(

One symptom was that the broken zones had "resign" times in the past. I'm
using raw format zones without inline signing, so I can look at this with:

	named-compilezone -j -f raw -o /dev/stdout $zone $file |
	grep resign | sort -r

With inline-signing you want to look at the .signed file.

I tried deliberately breaking a zone with `rndc freeze` but it recovered
OK. One difference was that my deliberately broken zone had the same time
on all its signatures, so there wasn't a mixture of past and future resign
times.

So, no bright ideas here I'm afraid.

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
South Biscay, Southeast Fitzroy: Variable 2 to 4 becoming southwesterly 4 to
6. Rough or very rough. Rain later. Moderate or good.