I have opened up a Bug ticket with ISC on this - #26676, but I just wanted to make sure that I'm not doing anything "wrong" that may be causing the issue.
Has anyone been able to get inline-signing to work on a static master zone using an authoritative server?

When we manually change the Master static zone file - ualbanytest.org - the signed and signed.jnl files are not getting an update - as shown by the time/date stamps below (just using rndc reload).

-rw-rw-r-- 1 named root 1077 Nov 22 11:22 ualbanytest.org
-rw------- 1 named named 9415 Nov 22 11:14 ualbanytest.org.signed
-rw------- 1 named named 12041 Nov 22 11:02 ualbanytest.org.signed.jnl

The log shows the correct serial for the unsigned zone, but then pulls the wrong signed file.

>>>>>>>
22-Nov-2011 11:25:28.314 general: info: received control channel command 'reload'
22-Nov-2011 11:25:28.314 general: info: loading configuration from '/etc/named.conf'
22-Nov-2011 11:25:28.315 general: info: using default UDP/IPv4 port range: [1024, 65535]
22-Nov-2011 11:25:28.315 general: info: using default UDP/IPv6 port range: [1024, 65535]
22-Nov-2011 11:25:28.316 general: info: sizing zone task pool based on 4 zones
22-Nov-2011 11:25:28.318 general: info: zone ualbanytest.org/IN (signed): (master) removed
22-Nov-2011 11:25:28.318 general: info: reloading configuration succeeded
22-Nov-2011 11:25:28.318 general: info: reloading zones succeeded
22-Nov-2011 11:25:28.320 general: info: zone ualbanytest.org/IN (unsigned): loaded serial 2011112201
22-Nov-2011 11:25:28.320 general: info: zone ualbanytest.org/IN (signed): loaded serial 2011112114 (DNSSEC signed)
22-Nov-2011 11:25:28.320 general: notice: all zones loaded
22-Nov-2011 11:25:28.320 general: notice: running
22-Nov-2011 11:25:28.320 general: info: zone ualbanytest.org/IN (signed): reconfiguring zone keys
22-Nov-2011 11:25:28.321 general: info: zone ualbanytest.org/IN (signed): next key event: 22-Nov-2011 11:35:28.321
22-Nov-2011 11:25:28.321 notify: info: zone ualbanytest.org/IN (signed): sending notifies (serial 2011112114)
>>>>>>>

From Named.conf:

>>>>>>>>>>>>>>>>>>>>>>>>
options {
    directory "/conf";
    pid-file "/var/run/named.pid";
    statistics-file "/var/run/named.stats";
    dump-file "/var/run/named.db";
    version "[secured]";
    dnssec-enable yes;
    sig-validity-interval 10;
    dnssec-loadkeys-interval 10;
    empty-zones-enable no;
};

# DNSSEC Zone
zone "ualbanytest.org" {
    type master;
    file "ualbanytest.org";
    auto-dnssec maintain;
    inline-signing yes;
    key-directory "/conf";
    serial-update-method increment;
};
>>>>>>>>>>>>>>>>>>>>>

Has anyone gotten this to work on an authoritative (meaning that I am missing something) or is it a "real" bug? I just don't want to be claiming it's a "bug" if it's something that I messed up or fat fingered :)

Thank you all in advance.

Thanks,
-Kevin

Kevin McConville
University at Albany
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
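
An added example, not part of the original post and not ISC code: a small Python check that reads named's "loaded serial" lines and reports zones whose signed copy is behind the unsigned one, the symptom visible in the log above. It assumes that a signed serial older than the unsigned serial right after a reload means the signed copy has not picked up the edit; the function names are hypothetical.

```python
import re

# Matches the "loaded serial" line named logs for each half of an inline-signed zone.
LOADED = re.compile(
    r"zone (?P<zone>\S+)/IN \((?P<kind>unsigned|signed)\): "
    r"loaded serial (?P<serial>\d+)"
)


def serial_lt(a, b):
    """RFC 1982 comparison: True when serial a is older than b (32-bit wrap-aware)."""
    return a != b and ((b - a) & 0xFFFFFFFF) < 0x80000000


def stale_signed_zones(log_lines):
    """Return {zone: (unsigned_serial, signed_serial)} where signed is behind."""
    latest = {}
    for line in log_lines:
        m = LOADED.search(line)
        if m:
            # Later lines overwrite earlier ones, so each zone keeps its last reload.
            latest.setdefault(m["zone"], {})[m["kind"]] = int(m["serial"])
    stale = {}
    for zone, s in latest.items():
        if "unsigned" in s and "signed" in s and serial_lt(s["signed"], s["unsigned"]):
            stale[zone] = (s["unsigned"], s["signed"])
    return stale


# First two lines are quoted from the post; the example.test lines are constructed
# to show a zone that is not flagged.
SAMPLE = [
    "22-Nov-2011 11:25:28.320 general: info: zone ualbanytest.org/IN (unsigned): "
    "loaded serial 2011112201",
    "22-Nov-2011 11:25:28.320 general: info: zone ualbanytest.org/IN (signed): "
    "loaded serial 2011112114 (DNSSEC signed)",
    "22-Nov-2011 11:25:28.320 general: info: zone example.test/IN (unsigned): "
    "loaded serial 5",
    "22-Nov-2011 11:25:28.320 general: info: zone example.test/IN (signed): "
    "loaded serial 7 (DNSSEC signed)",
]

if __name__ == "__main__":
    for zone, (unsigned, signed) in stale_signed_zones(SAMPLE).items():
        print(f"{zone}: signed serial {signed} is behind unsigned serial {unsigned}")
```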