> I can install bind 9.9.0rc2 tomorrow and test with both nsupdate and rndc
> reload. I would also like to test DNSSEC automatic key rollover with
> inline signing again. I imagine this will be fixed in rc2, given the
> success of the patch you provided earlier. My next ZSK activation date is
> 3/1
> I suspect that something was wrong with the unsigned zone, 'rndc reload'
> failed to catch the problem, and so the zone got itself into a weird state.
> The exact circumstance in which I've seen this happen involved a failure to
> update the SOA serial, but there may be other triggers for it a
> As you mentioned, even a hard restart of the named process would not cause
> a resign of the zone, and not that I did it the last time around, but for
> sure removing the journal files and .signed zone file would cause named to
> update from the unsigned file and then the signed data would be co
n
> Cc: 'Alan Clegg'; bind-users@lists.isc.org
> Subject: Re: bind 9.9 & inline-signing issue..
>
> > As stated in a prior message, just the signed zone is not being updated,
> > when I make an update to the unsigned zone file. The earlier posting
> > suggesting th
> As stated in a prior message, just the signed zone is not being updated,
> when I make an update to the unsigned zone file. The earlier posting
> suggesting that I do a "rndc reload " does indeed cause the signed
> zones to update, but you must specify the zone, just doing a "rndc reload"
> to
e-
> From: bind-users-bounces+howard=leadmon@lists.isc.org [mailto:bind-
> users-bounces+howard=leadmon@lists.isc.org] On Behalf Of Alan Clegg
> Sent: Monday, January 30, 2012 8:00 AM
> To: bind-users@lists.isc.org
> Subject: Re: bind 9.9 & inline-signing issue..
>
Alan Clegg wrote:
>
> Just be sure to watch for the extra SOA record. :)
Or use dig axfr +onesoa ...
Tony.
--
f.anthony.n.finch http://dotat.at/
South-east Iceland: Southerly 5 to 7, occasionally gale 8, but variable 4 at
first and later in west. Very rough, occasionally high later. Occasio
On 1/30/2012 11:59 AM, Mark Elkins wrote:
>>> Lastly - how does one 'view' the 'raw' format of a zone file?
>>
>> Use named-compilezone
>
> Guess that kind of makes some obscure logical sense. Works though
> I do think that 'named-compilezone' should be able to work out the
> format of the 'i
On Mon, 2012-01-30 at 13:38 +, Tony Finch wrote:
> Mark Elkins wrote:
> >
> > I also see...
> > $TTL 0 ; 0 seconds
> > TYPE65534 \# 5 ( 08467D0001 )
> > TYPE65534 \# 5 ( 0896730001 )
> > appearing on a secondary for this zone. What is it?
> > (Y
Mark Elkins wrote:
>
> I also see...
> $TTL 0 ; 0 seconds
> TYPE65534 \# 5 ( 08467D0001 )
> TYPE65534 \# 5 ( 0896730001 )
> appearing on a secondary for this zone. What is it?
> (Yes - an unknown data type - the secondary is running bind 9.8)
That
On 1/30/2012 5:28 AM, Howard Leadmon wrote:
> Jan 30 05:23:26 minbari named[30332]: zone leadmon.org/IN/external
> (unsigned): loaded serial 2012012901
> Jan 30 05:23:26 minbari named[30332]: zone leadmon.org/IN/external (signed):
> serial 2012012901 (unsigned 2012012901)
> Jan 30 05:23:26 minbari
Howard Leadmon
> -Original Message-
> From: Jan-Piet Mens [mailto:jpm...@gmail.com] On Behalf Of Jan-Piet
> Mens
> Sent: Monday, January 30, 2012 5:19 AM
> To: Howard Leadmon
> Cc: bind-users@lists.isc.org
> Subject: Re: bind 9.9 & inline-signing issue..
>
>
> That said, instead of using 'rndc reload leadmon.org', I actually have to
> use 'rndc reload leadmon.org IN external', or internal as the case may be to
> separate the zone I am reloading.
Not here, in spite of multiple views; BIND 9.9.0rc1
-JP
_
Howard Leadmon
> -Original Message-
> From: bind-users-bounces+howard=leadmon@lists.isc.org [mailto:bind-
> users-bounces+howard=leadmon@lists.isc.org] On Behalf Of Howard
> Leadmon
> Sent: Monday, January 30, 2012 4:14 AM
> To: 'Jan-Piet Mens'
> Cc:
reload should reload all
zones.
---
Howard Leadmon
> -Original Message-
> From: Jan-Piet Mens [mailto:jpm...@gmail.com] On Behalf Of Jan-Piet
> Mens
> Sent: Monday, January 30, 2012 3:47 AM
> To: Howard Leadmon
> Cc: bind-users@lists.isc.org
> Subject: Re: bind 9.9 & inli
On 01/30/2012 00:46, Jan-Piet Mens wrote:
>> After setting up a zone with DNSSEC using inline-signing, I have run into
>> the issue where if I do anything that updates the unsigned file that is
>> input into BIND, that it never seems to update the signed data it generated.
>
> I've previously [1]
> After setting up a zone with DNSSEC using inline-signing, I have run into
> the issue where if I do anything that updates the unsigned file that is
> input into BIND, that it never seems to update the signed data it generated.
I've previously [1] received "the Gold Star" for suggesting ;-)
Slept on this.
This morning 8+ hours later, no change.
Added a completely new record to the (unsigned) zone, updated the SOA
Serial and ran 'rndc reload':
Jan 30 09...: received control channel command 'reload'
Jan 30 09...: loading configuration from '/etc/bind/named.conf'
...
Jan 30 09...: zone
> After setting up a zone with DNSSEC using inline-signing, I have run into the
> issue where if I do anything that updates the unsigned file that is input
> into BIND, that it never seems to update the signed data it generated.
> As an example, I had serial number of 2012012701 in the test zone
I agree with you. I took your example and installed bind 9.9.0b2
I also updated my 'soa' in the unsigned...
Am getting the following in my log...
Jan 29...: zone test1.co.za/IN (unsigned): loaded serial 2012012901
Jan 29...: zone test1.co.za/IN (signed): loaded serial 200105
(DNSSEC signed)
A
Well after the various discussion a short while back, I decided to give
the inline-signing a run, and after setup I must say it did appear to do
what I expected. Of course anything that went that easy had to have a
snag, and it did, and at the moment I am wondering what I have missed so
figure