> Am 07.06.2018 um 13:36 schrieb Axel Rau <axel....@chaos1.de>: > > > occasionally named 9.11.3 fails to increment SOA serial like here: > > file: 2018060605 dns: 2018060604
It just happened again. An included zone file has been changed from 2 TLSA RRs to one: - - - _443._tcp.git.nussberg.de. 3600 IN TLSA 3 0 1 DAE0AC343A6694DEAF0BAB42FC8A6B1F82E42799654BD667B458DC91655C6AB4 - - - After reload no TLSAs are picked up by the server: - - - [hermes:local/etc/rc.d] root# dig AXFR nussberg.de. @localhost | grep TLSA [hermes:local/etc/rc.d] root# - - - Zone status: - - - [hermes:local/etc/rc.d] root# rndc zonestatus nussberg.de name: nussberg.de type: master files: master/signed/nussberg.de/nussberg.de.zone, master/signed/nussberg.de/git.nussberg.de.tlsa, master/signed/nussberg.de/acme_challenges.inc serial: 2018061301 signed serial: 2018060702 nodes: 12 last loaded: Tue, 05 Jun 2018 07:08:59 GMT secure: yes inline signing: yes key maintenance: automatic next key event: Thu, 14 Jun 2018 10:05:11 GMT next resign node: email1._domainkey.nussberg.de/TXT next resign time: Sun, 17 Jun 2018 19:29:37 GMT dynamic: no reconfigurable via modzone: no - - - What else can I collect to help fixing this? Thanks, Axel PS: Why does dig TLSA _443._tcp.git.nussberg.de. @localhost not work at all? --- PGP-Key:29E99DD6 ☀ computing @ chaos claudius
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
