<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><br class=""><div><blockquote type="cite" class=""><div class="">Am 07.06.2018 um 13:36 schrieb Axel Rau <<a href="mailto:Axel.Rau@chaos1.de" class="">Axel.Rau@chaos1.de</a>>:</div><br class="Apple-interchange-newline"><div class=""><br style="font-family: Menlo-Regular; font-size: 11px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><span style="font-family: Menlo-Regular; font-size: 11px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: inline !important;" class="">occasionally named 9.11.3 fails to increment SOA serial like here:</span><br style="font-family: Menlo-Regular; font-size: 11px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><br style="font-family: Menlo-Regular; font-size: 11px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><span class="Apple-tab-span" style="font-family: Menlo-Regular; font-size: 11px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: pre; word-spacing: 0px; -webkit-text-stroke-width: 0px;">   </span><span style="font-family: Menlo-Regular; font-size: 11px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: inline !important;" class="">file: 2018060605 dns: 2018060604</span><br style="font-family: Menlo-Regular; font-size: 11px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""></div></blockquote></div><div class=""><br class=""></div>It just happened again. An included zone file has been changed from 2 TLSA RRs to one:<div class=""><div class="">- - -</div><div class="">_443._<a href="http://tcp.git.nussberg.de" class="">tcp.git.nussberg.de</a>. 3600 IN TLSA 3 0 1 DAE0AC343A6694DEAF0BAB42FC8A6B1F82E42799654BD667B458DC91655C6AB4</div><div class="">- - -</div><div class="">After reload no TLSAs are picked up by the server:</div><div class="">- - -</div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">[hermes:local/etc/rc.d] root# dig AXFR <a href="http://nussberg.de" class="">nussberg.de</a>. @localhost | grep TLSA</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">[hermes:local/etc/rc.d] root#</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><div style="font-family: Helvetica; font-size: 12px;" class="">- - -</div><div class="">Zone status:</div><div class="">- - -</div><div style="margin: 0px; line-height: normal;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">[hermes:local/etc/rc.d] root# rndc zonestatus <a href="http://nussberg.de" class="">nussberg.de</a></span></div><div style="margin: 0px; line-height: normal;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">name: <a href="http://nussberg.de" class="">nussberg.de</a></span></div><div style="margin: 0px; line-height: normal;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">type: master</span></div><div style="margin: 0px; line-height: normal;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">files: master/signed/<a href="http://nussberg.de/nussberg.de.zone" class="">nussberg.de/nussberg.de.zone</a>, master/signed/<a href="http://nussberg.de/git.nussberg.de.tlsa" class="">nussberg.de/git.nussberg.de.tlsa</a>, master/signed/<a href="http://nussberg.de/acme_challenges.inc" class="">nussberg.de/acme_challenges.inc</a></span></div><div style="margin: 0px; line-height: normal;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">serial: 2018061301</span></div><div style="margin: 0px; line-height: normal;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">signed serial: 2018060702</span></div><div style="margin: 0px; line-height: normal;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">nodes: 12</span></div><div style="margin: 0px; line-height: normal;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">last loaded: Tue, 05 Jun 2018 07:08:59 GMT</span></div><div style="margin: 0px; line-height: normal;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">secure: yes</span></div><div style="margin: 0px; line-height: normal;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">inline signing: yes</span></div><div style="margin: 0px; line-height: normal;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">key maintenance: automatic</span></div><div style="margin: 0px; line-height: normal;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">next key event: Thu, 14 Jun 2018 10:05:11 GMT</span></div><div style="margin: 0px; line-height: normal;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">next resign node: email1._<a href="http://domainkey.nussberg.de/TXT" class="">domainkey.nussberg.de/TXT</a></span></div><div style="margin: 0px; line-height: normal;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">next resign time: Sun, 17 Jun 2018 19:29:37 GMT</span></div><div style="margin: 0px; line-height: normal;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">dynamic: no</span></div><div style="margin: 0px; line-height: normal;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">reconfigurable via modzone: no</span></div><div class="">- - -</div><div class="">What else can I collect to help fixing this?</div><div class=""><br class=""></div><div class="">Thanks, Axel</div><div class=""><br class=""></div><div class="">PS: Why does</div><div class=""><div style="margin: 0px; line-height: normal;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">dig TLSA _443._<a href="http://tcp.git.nussberg.de" class="">tcp.git.nussberg.de</a>. @localhost</span></div></div><div style="margin: 0px; line-height: normal;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">not work at all?</span></div></span></div><div class=""><span style="orphans: 2; text-align: -webkit-auto; widows: 2;" class="">---</span></div><div class=""><div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="color: rgb(0, 0, 0); font-family: Helvetica; font-style: normal; font-variant-ligatures: normal; font-variant-position: normal; font-variant-caps: normal; font-variant-numeric: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div class="">PGP-Key:29E99DD6  ☀  computing @ chaos claudius</div></div></div>
</div>
<br class=""></div></body></html>