Hi Matthew, sorry for my late answer.
> Am 07.06.2018 um 15:31 schrieb Matthew Pounsett <m...@conundrum.com>: > > > > On 7 June 2018 at 07:36, Axel Rau <axel....@chaos1.de> wrote: > Hi all, > > occasionally named 9.11.3 fails to increment SOA serial like here: > > file: 2018060605 dns: 2018060604 > > zone file was edited by script and a rndc reload given. > [...] > Manual fixing requires another cycle with zone file editing: > > > You don't say this clearly, but it sounds like you're reporting more than > just the serial not updating. Is that correct? Yes. > Are there actual updates to the zone that are not being picked up? Yes, that’s the point. If the problem happens, the signing machinery is blocked until resolved manually. I don’t know the reason. named-checkzone reported no errors, but in case of syntax-errors, named behaves similar. > As Tony says, the serial number can differ from the file to what's served > by the name server when the name server is doing automatic signing. > > Can you clarify which it is? I hope, I did (-: There is nothing special with this zone file: - - - [hermes:~] root# rndc zonestatus lrau.net name: lrau.net type: master files: master/signed/lrau.net/lrau.net.zone, master/signed/lrau.net/caldav.lrau.net.tlsa, master/signed/lrau.net/git3.lrau.net.tlsa, master/signed/lrau.net/git4.lrau.net.tlsa, master/signed/lrau.net/lists3.lrau.net.tlsa, master/signed/lrau.net/lists4.lrau.net.tlsa, master/signed/lrau.net/mailout3.lrau.net.tlsa, master/signed/lrau.net/mailout4.lrau.net.tlsa, master/signed/lrau.net/mx3.lrau.net.tlsa, master/signed/lrau.net/mx4.lrau.net.tlsa, master/signed/lrau.net/timap3.lrau.net.tlsa, master/signed/lrau.net/tmx3.lrau.net.tlsa, master/signed/lrau.net/acme_challenges.inc serial: 2018060805 signed serial: 2018060805 nodes: 88 last loaded: Thu, 07 Jun 2018 10:37:34 GMT secure: yes inline signing: yes key maintenance: automatic next key event: Sat, 09 Jun 2018 13:08:21 GMT next resign node: gw2.m6d2.lrau.net/NSEC next resign time: Fri, 29 Jun 2018 21:38:07 GMT dynamic: no reconfigurable via modzone: no [hermes:local/etc/namedb] root# named-checkzone lrau.net /usr/local/etc/namedb/master/signed/lrau.net/lrau.net.zone zone lrau.net/IN: loaded serial 2018060805 OK - - - Thanks, Axel --- PGP-Key:29E99DD6 ☀ computing @ chaos claudius _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
