<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 12 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
{mso-style-priority:99;
mso-style-link:"Plain Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.5pt;
font-family:Consolas;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.PlainTextChar
{mso-style-name:"Plain Text Char";
mso-style-priority:99;
mso-style-link:"Plain Text";
font-family:Consolas;}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal">I have opened up a Bug ticket with ISC on this - #26676, but I just wanted to make sure that I’m not doing anything “wrong” that may be causing the issue.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Has anyone been able to get inline-signing to work on a static master zone using an authoritative server?<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">When we manually change the Master static zone file – ualbanytest.org – the signed and signed.jnl files are not getting an update – as shown by the time/date stamps below (just using rndc reload).<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">-rw-rw-r-- 1 named root 1077 Nov 22 11:22 ualbanytest.org<o:p></o:p></p>
<p class="MsoNormal">-rw------- 1 named named 9415 Nov 22 11:14 ualbanytest.org.signed<o:p></o:p></p>
<p class="MsoNormal">-rw------- 1 named named 12041 Nov 22 11:02 ualbanytest.org.signed.jnl<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">The log shows the correct serial for the unsigned zone, but then pulls the wrong signed file.<o:p></o:p></p>
<p class="MsoNormal">>>>>>>><o:p> </o:p></p>
<p class="MsoNormal">22-Nov-2011 11:25:28.314 general: info: received control channel command 'reload'<o:p></o:p></p>
<p class="MsoNormal">22-Nov-2011 11:25:28.314 general: info: loading configuration from '/etc/named.conf'<o:p></o:p></p>
<p class="MsoNormal">22-Nov-2011 11:25:28.315 general: info: using default UDP/IPv4 port range: [1024, 65535]<o:p></o:p></p>
<p class="MsoNormal">22-Nov-2011 11:25:28.315 general: info: using default UDP/IPv6 port range: [1024, 65535]<o:p></o:p></p>
<p class="MsoNormal">22-Nov-2011 11:25:28.316 general: info: sizing zone task pool based on 4 zones<o:p></o:p></p>
<p class="MsoNormal">22-Nov-2011 11:25:28.318 general: info: zone ualbanytest.org/IN (signed): (master) removed<o:p></o:p></p>
<p class="MsoNormal">22-Nov-2011 11:25:28.318 general: info: reloading configuration succeeded<o:p></o:p></p>
<p class="MsoNormal">22-Nov-2011 11:25:28.318 general: info: reloading zones succeeded<o:p></o:p></p>
<p class="MsoNormal">22-Nov-2011 11:25:28.320 general: info: zone ualbanytest.org/IN (unsigned): loaded serial 2011112201<o:p></o:p></p>
<p class="MsoNormal">22-Nov-2011 11:25:28.320 general: info: zone ualbanytest.org/IN (signed): loaded serial 2011112114 (DNSSEC signed)<o:p></o:p></p>
<p class="MsoNormal">22-Nov-2011 11:25:28.320 general: notice: all zones loaded<o:p></o:p></p>
<p class="MsoNormal">22-Nov-2011 11:25:28.320 general: notice: running<o:p></o:p></p>
<p class="MsoNormal">22-Nov-2011 11:25:28.320 general: info: zone ualbanytest.org/IN (signed): reconfiguring zone keys<o:p></o:p></p>
<p class="MsoNormal">22-Nov-2011 11:25:28.321 general: info: zone ualbanytest.org/IN (signed): next key event: 22-Nov-2011 11:35:28.321<o:p></o:p></p>
<p class="MsoNormal">22-Nov-2011 11:25:28.321 notify: info: zone ualbanytest.org/IN (signed): sending notifies (serial 2011112114)<o:p></o:p></p>
<p class="MsoNormal">>>>>>>><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">From Named.conf:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">>>>>>>>>>>>>>>>>>>>>>>>><o:p> </o:p></p>
<p class="MsoNormal">options {<o:p></o:p></p>
<p class="MsoNormal"> directory "/conf";<o:p></o:p></p>
<p class="MsoNormal"> pid-file "/var/run/named.pid";<o:p></o:p></p>
<p class="MsoNormal"> statistics-file "/var/run/named.stats";<o:p></o:p></p>
<p class="MsoNormal"> dump-file "/var/run/named.db";<o:p></o:p></p>
<p class="MsoNormal"> version "[secured]";<o:p></o:p></p>
<p class="MsoNormal"> dnssec-enable yes;<o:p></o:p></p>
<p class="MsoNormal"> sig-validity-interval 10;<o:p></o:p></p>
<p class="MsoNormal"> dnssec-loadkeys-interval 10;<o:p></o:p></p>
<p class="MsoNormal"> empty-zones-enable no;<o:p></o:p></p>
<p class="MsoNormal">};<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"># DNSSEC Zone<o:p></o:p></p>
<p class="MsoNormal">zone "ualbanytest.org" {<o:p></o:p></p>
<p class="MsoNormal"> type master;<o:p></o:p></p>
<p class="MsoNormal"> file "ualbanytest.org";<o:p></o:p></p>
<p class="MsoNormal"> auto-dnssec maintain;<o:p></o:p></p>
<p class="MsoNormal"> inline-signing yes; <o:p></o:p></p>
<p class="MsoNormal"> key-directory "/conf";<o:p></o:p></p>
<p class="MsoNormal"> serial-update-method increment;<o:p></o:p></p>
<p class="MsoNormal">};<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">>>>>>>>>>>>>>>>>>>>>><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Has anyone gotten this to work on an authoritative (meaning that I am missing something) or is it a “real” bug? I just don’t want to be claiming it’s a “bug” if it’s something that I messed up or fat fingered
<span style="font-family:Wingdings">J</span><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Thanks you all in advance.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Thanks,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">-Kevin <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoPlainText">Kevin McConville<o:p></o:p></p>
<p class="MsoPlainText">University at Albany<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>