Re: Inline-signing feature request: Directly set the signed zone's serial number

2014-10-07 Thread Alan Clegg
On 10/7/2014 7:39 PM, Terry Burton wrote: Separate the data provider and DNS infrastructure provider and this predicament ensues. Ah, but herein lies trouble. You are becoming the data provider as soon as you do the signing on the data. But I digress. What about "rndc sign -force" that wo

Re: Inline-signing feature request: Directly set the signed zone's serial number

2014-10-07 Thread Terry Burton
On 7 Oct 2014 22:35, "Alan Clegg" wrote: > > On 10/7/2014 2:03 PM, Terry Burton wrote: >> >> On 7 Oct 2014 18:42, "Alan Clegg" > > wrote: >> > >> > On 10/7/2014 9:49 AM, Terry Burton wrote: >> > > This is especially useful in bootstrapping scenarios where the zone >> > >

RE: Inline-signing feature request: Directly set the signed zone's serial number

2014-10-07 Thread Stuart Browne
> -Original Message- > From: bind-users-boun...@lists.isc.org [mailto:bind-users- > boun...@lists.isc.org] On Behalf Of Alan Clegg > Sent: Wednesday, 8 October 2014 8:35 AM > To: bind-users@lists.isc.org > Subject: Re: Inline-signing feature request: Directly set the signed > zone's serial

Re: Inline-signing feature request: Directly set the signed zone's serial number

2014-10-07 Thread Alan Clegg
On 10/7/2014 2:03 PM, Terry Burton wrote: On 7 Oct 2014 18:42, "Alan Clegg" <a...@clegg.com> wrote: > > On 10/7/2014 9:49 AM, Terry Burton wrote: > > This is especially useful in bootstrapping scenarios where the zone > > data is held under strict revision control or generated by som

Re: Inline-signing feature request: Directly set the signed zone's serial number

2014-10-07 Thread Terry Burton
On 7 Oct 2014 21:44, "Doug Barton" wrote: > > On 10/7/14 11:03 AM, Terry Burton wrote: > >> With inline signing you have a hidden serial number in the unsigned zone >> and an exposed serial number in the signed versions which your slaves >> track. After redeployment (following DR, emergency reloca

Re: Inline-signing feature request: Directly set the signed zone's serial number

2014-10-07 Thread Doug Barton
On 10/7/14 11:03 AM, Terry Burton wrote: With inline signing you have a hidden serial number in the unsigned zone and an exposed serial number in the signed versions which your slaves track. After redeployment (following DR, emergency relocation, elastic capacity expansion, etc.) I want to be ab

Re: Inline-signing feature request: Directly set the signed zone's serial number

2014-10-07 Thread Terry Burton
On 7 Oct 2014 18:42, "Alan Clegg" wrote: > > On 10/7/2014 9:49 AM, Terry Burton wrote: > > This is especially useful in bootstrapping scenarios where the zone > > data is held under strict revision control or generated by some > > provisioning system that "owns" the serial number. > > By setting t

Re: Inline-signing feature request: Directly set the signed zone's serial number

2014-10-07 Thread Alan Clegg
On 10/7/2014 9:49 AM, Terry Burton wrote: > This is especially useful in bootstrapping scenarios where the zone > data is held under strict revision control or generated by some > provisioning system that "owns" the serial number. By setting the number backwards, you are breaking all of your slav

Inline-signing feature request: Directly set the signed zone's serial number

2014-10-07 Thread Terry Burton
Hi, After reinitialising the inline-signing process (for example by removing the journal files or redeploying the master server) the freshly signed zone's serial number will usually be behind the authoritative version on the slaves causing transfers to fail — possibly leading to expired signatures