Bind Resign Zone behavior
Milan Jeskynka Kazatel
KazatelM at seznam.cz
Tue Mar 10 13:54:49 UTC 2020
Hello Community,

I would like to figure out how to describe a Bind behavior when the zone is
repeatedly resigned. Bind continuously runs a resign process and
automatically increases the zone serial number, which causes unexpected
AXFR/IXFR traffic on slave servers.

The zone has 180 records, and the signed part seems to be unpredictable,
between 1 and 57 records from the zone, which is visible in the stripped
log. The server time is not in GMT. My question is regarding configuration:
how can I get the whole zone signed in one step? Does a configuration
variable exist for this?

Bind version on CentOS 7: BIND 9.11.4-P2-RedHat-9.11.4-9.P2.el7 (Extended
Support Version)

rndc zonestatus 45.10.0.10.in-addr.arpa
name: 45.10.0.10.in-addr.arpa
type: master
files: 45.10.0.10.in-addr.arpa
serial: 2018111342
signed serial: 2018112075
nodes: 173
last loaded: Mon, 17 Feb 2020 09:28:28 GMT
secure: yes
inline signing: yes
key maintenance: automatic
next key event: Tue, 10 Mar 2020 13:44:01 GMT
next resign node: 35.45.10.0.10.in-addr.arpa/NSEC
next resign time: Tue, 10 Mar 2020 13:25:06 GMT
dynamic: no
reconfigurable via modzone: no
rndc zonestatus 45.10.0.10.in-addr.arpa
name: 45.10.0.10.in-addr.arpa
type: master
files: 45.10.0.10.in-addr.arpa
serial: 2018111342
signed serial: 2018112076
nodes: 173
last loaded: Mon, 17 Feb 2020 09:28:28 GMT
secure: yes
inline signing: yes
key maintenance: automatic
next key event: Tue, 10 Mar 2020 13:44:01 GMT
next resign node: 92.45.10.0.10.in-addr.arpa/NSEC
next resign time: Tue, 10 Mar 2020 14:18:11 GMT
dynamic: no
reconfigurable via modzone: no

Mar 10 14:03:47 testdnsserver01 named[16277]: client @0x7d61b00b7690 172.29.62.4#41088 (45.10.0.10.in-addr.arpa): transfer of '45.10.0.10.in-addr.arpa/IN': IXFR started (serial 2018112072 -> 2018112073)
Mar 10 14:03:47 testdnsserver01 named[16277]: client @0x7d61b00b7690 172.29.62.4#41088 (45.10.0.10.in-addr.arpa): transfer of '45.10.0.10.in-addr.arpa/IN': IXFR ended
Mar 10 14:11:33 testdnsserver01 named[16277]: zone 45.10.0.10.in-addr.arpa/IN (signed): sending notifies (serial 2018112074)
Mar 10 14:11:33 testdnsserver01 named[16277]: client @0x7d61c801d000 172.29.61.4#40137 (45.10.0.10.in-addr.arpa): transfer of '45.10.0.10.in-addr.arpa/IN': IXFR started (serial 2018112073 -> 2018112074)
Mar 10 14:11:33 testdnsserver01 named[16277]: client @0x7d61c801d000 172.29.61.4#40137 (45.10.0.10.in-addr.arpa): transfer of '45.10.0.10.in-addr.arpa/IN': IXFR ended
Mar 10 14:14:10 testdnsserver01 named[16277]: client @0x7d61c80cd960 172.29.62.4#41930 (45.10.0.10.in-addr.arpa): transfer of '45.10.0.10.in-addr.arpa/IN': IXFR started (serial 2018112073 -> 2018112074)
Mar 10 14:14:10 testdnsserver01 named[16277]: client @0x7d61c80cd960 172.29.62.4#41930 (45.10.0.10.in-addr.arpa): transfer of '45.10.0.10.in-addr.arpa/IN': IXFR ended
Mar 10 14:17:38 testdnsserver01 named[16277]: zone 45.10.0.10.in-addr.arpa/IN (signed): sending notifies (serial 2018112075)
Mar 10 14:17:38 testdnsserver01 named[16277]: client @0x7d61c8019550 172.29.61.4#37636 (45.10.0.10.in-addr.arpa): transfer of '45.10.0.10.in-addr.arpa/IN': IXFR started (serial 2018112074 -> 2018112075)
Mar 10 14:17:38 testdnsserver01 named[16277]: client @0x7d61c8019550 172.29.61.4#37636 (45.10.0.10.in-addr.arpa): transfer of '45.10.0.10.in-addr.arpa/IN': IXFR ended
Mar 10 14:18:09 testdnsserver01 named[16277]: client @0x7d61c801d000 172.29.62.4#43508 (45.10.0.10.in-addr.arpa): transfer of '45.10.0.10.in-addr.arpa/IN': IXFR started (serial 2018112074 -> 2018112075)
Mar 10 14:18:09 testdnsserver01 named[16277]: client @0x7d61c801d000 172.29.62.4#43508 (45.10.0.10.in-addr.arpa): transfer of '45.10.0.10.in-addr.arpa/IN': IXFR ended

Best regards,
--
Smil Milan Jeskyňka Kazatel
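
Added example, not part of the original message and not code from BIND: a Python script that reads named log lines in the format shown above and reports, per zone, how many signed-serial bumps were notified, the seconds between them, and how many IXFRs each secondary pulled. The names `summarize`, `SAMPLE_LOG` and the `year` parameter are assumptions made for illustration (syslog timestamps carry no year); the sample lines are the notify and "IXFR started" entries from the log above.

```python
import re
from collections import defaultdict
from datetime import datetime

# Notify and "IXFR started" entries from the log above, wrapped lines rejoined.
SAMPLE_LOG = """\
Mar 10 14:03:47 testdnsserver01 named[16277]: client @0x7d61b00b7690 172.29.62.4#41088 (45.10.0.10.in-addr.arpa): transfer of '45.10.0.10.in-addr.arpa/IN': IXFR started (serial 2018112072 -> 2018112073)
Mar 10 14:11:33 testdnsserver01 named[16277]: zone 45.10.0.10.in-addr.arpa/IN (signed): sending notifies (serial 2018112074)
Mar 10 14:11:33 testdnsserver01 named[16277]: client @0x7d61c801d000 172.29.61.4#40137 (45.10.0.10.in-addr.arpa): transfer of '45.10.0.10.in-addr.arpa/IN': IXFR started (serial 2018112073 -> 2018112074)
Mar 10 14:14:10 testdnsserver01 named[16277]: client @0x7d61c80cd960 172.29.62.4#41930 (45.10.0.10.in-addr.arpa): transfer of '45.10.0.10.in-addr.arpa/IN': IXFR started (serial 2018112073 -> 2018112074)
Mar 10 14:17:38 testdnsserver01 named[16277]: zone 45.10.0.10.in-addr.arpa/IN (signed): sending notifies (serial 2018112075)
Mar 10 14:17:38 testdnsserver01 named[16277]: client @0x7d61c8019550 172.29.61.4#37636 (45.10.0.10.in-addr.arpa): transfer of '45.10.0.10.in-addr.arpa/IN': IXFR started (serial 2018112074 -> 2018112075)
Mar 10 14:18:09 testdnsserver01 named[16277]: client @0x7d61c801d000 172.29.62.4#43508 (45.10.0.10.in-addr.arpa): transfer of '45.10.0.10.in-addr.arpa/IN': IXFR started (serial 2018112074 -> 2018112075)
"""

# Common syslog prefix: timestamp, host, "named[pid]: ".
TS = r"^(\w{3} +\d+ [\d:]{8}) \S+ named\[\d+\]: "
NOTIFY = re.compile(TS + r"zone (\S+)/IN \(signed\): sending notifies \(serial (\d+)\)")
IXFR = re.compile(TS + r"client (?:@\S+ )?(\S+)#\d+ \(\S+\): transfer of '(\S+)/IN': "
                  r"IXFR started \(serial (\d+) -> (\d+)\)")


def summarize(log_text, year=2020):
    """Return {zone: {serial_bumps, notify_gaps_s, ixfr_per_secondary}}."""
    notifies = defaultdict(list)   # zone -> [(time, signed serial)]
    transfers = defaultdict(list)  # (zone, secondary IP) -> [(from, to)]
    for line in log_text.splitlines():
        if m := NOTIFY.match(line):
            when = datetime.strptime(f"{year} {m[1]}", "%Y %b %d %H:%M:%S")
            notifies[m[2]].append((when, int(m[3])))
        elif m := IXFR.match(line):
            transfers[(m[3], m[2])].append((int(m[4]), int(m[5])))
    report = {}
    for zone, events in notifies.items():
        # Seconds between consecutive notifies, i.e. between serial bumps.
        gaps = [int((b[0] - a[0]).total_seconds()) for a, b in zip(events, events[1:])]
        report[zone] = {
            "serial_bumps": len(events),
            "notify_gaps_s": gaps,
            "ixfr_per_secondary": {ip: len(t) for (z, ip), t in transfers.items() if z == zone},
        }
    return report


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```
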