On 1/8/2013 13:48, Mike Hoskins (michoski) wrote:
Thanks for sharing both.
Like the built-in sanity checks...Wonder why the fedora folks don't
automate the serial number update, since in my experience that seems to be
one of the top silly mistakes with BIND updates?
Our push process sets that to the mtime of the zone for non-dynamic zones,
which seems to work well except for the occasional DNS validation tool
baulking that we're not using YYYYMMDDNN format. :-)
When I built my DNS zone creator, I got tired of users complaining that
their zones has "errors" and so I re-coded my serials to start with YYYY
followed by six digits based on the current date/time.
Oddly, that seems to fool most (although not all) of the DNS validation
tools out there, despite the fact that I generate things like 2012804572
which doesn't exactly have a "valid" MM or dd.
I've given up contacting so-called validation tools and asking them to
remove warnings about valid serials, they seem happier reporting
non-errors, and at best they'll return a "Not standard, but I guess it's
okay". It's a shame too, as these tools can provide a sanity check.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
