Firstly a big thank you to Mark and Ondrej for their assistance, which tracked down the issue. I understand will be fixed in the next releases.
My particular issue seemed to relate to the unsigned zonefiles being touched (by my automation) without the contents changing, followed by an "rndc reload". This caused some domains to stop re-signing, the symptom of which could be seen by the lack of "next key event:" in the logs for the failing domains. It turned out that "rndc reconfig" fixed the issue, making it easy to work around the problem. Best wishes, Matthew ------ >From: Matthew Richardson <matthe...@itconsult.co.uk> >To: BIND Users <bind-users@lists.isc.org> >Cc: >Date: Sat, 22 Feb 2020 19:49:22 +0000 >Subject: Re: Bind 9.11.13 - inline re-signing stops >Dear Ondrej, > >Thank you for your advice below. I have attempted a dump on the live >running server and have uploaded the results to issue #1627. > >If I need to try again, please let me know... :-) > >There are a few more days before I need to restart Named. > >Best wishes, >Matthew > > ------ >>From: Ond?ej Surý <ond...@isc.org> >>To: Matthew Richardson <matthe...@itconsult.co.uk> >>Cc: BIND Users <bind-users@lists.isc.org> >>Date: Thu, 20 Feb 2020 18:07:50 +0100 >>Subject: Re: Bind 9.11.13 - inline re-signing stops > >>Hi Matthew, >> >>well write some generic instruction on how to get a coredump from a running >>named >>(without crashing it) - generally you want to use gcore[1]. >> >>Then here you can continue as if the named has crashed and get us a thread >>stack trace[2]. >> >>As we need to access very specific data structure, please add the information >>to the issue >>you have opened, and well pick it up from there. You can also share the >>coredump and the >>binaries with us using pandora.isc.org service, but please be aware that the >>memory dump >>can (and probably will) contain the DNSSEC signing private keys. >> >>Ondrej >> >>1. https://www.systutorials.com/docs/linux/man/1-gcore/ >>2. https://kb.isc.org/docs/aa-00340 >> >>Ondrej _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
