DNSSEC zones not updated

Jukka Pakkanen jukka.pakkanen at qnet.fi
Wed Jan 22 12:03:50 UTC 2020


Both, and notifies/ixfr:s work fine. After updating the zone, the log shows the records are updated in the slaves. Feel free to query the servers...


Get Outlook for Android<https://aka.ms/ghei36>

________________________________
From: Sten Carlsen <stenc at s-carlsen.dk>
Sent: Wednesday, January 22, 2020, 12:56
To: Jukka Pakkanen
Cc: bind-users at isc.org
Subject: Re: DNSSEC zones not updated

Just a basic question, are you querying the master or a slave. If a slave, it could be the notify/transfer.


Thanks

Sten

On 22 Jan 2020, at 12.11, Jukka Pakkanen <jukka.pakkanen at qnet.fi<mailto:jukka.pakkanen at qnet.fi>> wrote:


Running BIND 9.14.9 Windows.   The zone data is not updated for some reason anymore, and same problem in all our signed zones. Example "gemtrade.fi<http://gemtrade.fi/>":

zone "gemtrade.fi<http://gemtrade.fi/>" {
    type master;
    file "named.gemtrade";
    inline-signing yes;
    auto-dnssec maintain;
};

;
;    File:      named.gemtrade
;
$TTL 60
@        IN SOA    ns1.qnet.fi<http://ns1.qnet.fi/>. helpdesk.qnet.fi<http://helpdesk.qnet.fi/>. (
              202001234  ; serial number
              28800      ; refresh every 12 hours
              7200       ; retry after 2 hours
              604800     ; expire after 2 weeks
              33600)     ; default ttl is 2 days
gemtrade.fi<http://gemtrade.fi/>.        IN A      62.142.217.154
                             IN MX     55 qntsrv8.qnet.fi<http://qntsrv8.qnet.fi/>.
                IN MX     25 qntsrv9.qnet.fi<http://qntsrv9.qnet.fi/>.
                             IN NS     ns1.qnet.fi<http://ns1.qnet.fi/>.
                             IN NS     ns2.qnet.fi<http://ns2.qnet.fi/>.
                             IN NS     ns3.qnet.fi<http://ns3.qnet.fi/>.
www             IN A             62.142.217.154
_autodiscover._tcp      IN SRV    0 5 443 mail.qnet.fi<http://mail.qnet.fi/>.
localhost.gemtrade.fi<http://localhost.gemtrade.fi/>.       IN A      127.0.0.1


Used to work fine, now no matter what change I make to the zone file and reload, it does not show up in queries, but the old data, weeks behind.  The SOA & serial numbers *are* updating in the queries, but the actual records not.  Example the MX records, currently I have priorities 55 and 25, still inquiries return the old 20 and 20. Same with any records, the changes does not get updated.

Deleting the .jnl file does not help, after "rndc reload gemtrade.fi<http://gemtrade.fi/>" a new .jnl file is created, but queries still return old data.

The named process has all possible rights in the file structure.

What might be wrong?

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users at lists.isc.org<mailto:bind-users at lists.isc.org>
https://lists.isc.org/mailman/listinfo/bind-users


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20200122/eebd23b3/attachment.htm>


More information about the bind-users mailing list