On Thu, 19 Dec 2013, Evan Hunt wrote:
> You're using inline-signing? Which server do you have doing the signing?

Only the master has 'auto-dnssec maintain' in the zone config.

> Name servers can get out of sync because the slaves haven't refreshed recently, but in that case I would expect the master would be ahead of the slave, not the other way around.

Yes I know.

> If you're using inline-signing and you have the slave signing, then the slave's serial number would get ahead of the master's... but in that case, the master should be "hidden" -- it shouldn't be listed in the NS RRset for the zone, and a consistency check should ignore it.

No, the slaves don't do any signing, just the master.

Antonio Querubin
e-mail: t...@lavanauts.org
xmpp: antonioqueru...@gmail.com