On 10/7/14 11:03 AM, Terry Burton wrote:

With inline signing you have a hidden serial number in the unsigned zone
and an exposed serial number in the signed versions which your slaves
track. After redeployment (following DR, emergency relocation, elastic
capacity expansion, etc.) I want to be able to bump the exposed serial
number (once) back to an appropriate value without having to modify the
unsigned zones.

(For context, the unsigned zone serial number matches the revision
number in a VCS to which the DNS infrastructure hosts and administrators
have read-only access, i.e. mandatory separation of infrastructure and
data access rights.)

* Check out the unmodified version of the unsigned zone
* Increase the serial number in the checked out copy to be past the one in the signed zone
* rndc reload
* Delete the modified version of the zone file, and revert to the master copy

... all of which is not to say that your request is not reasonable, just letting you know that a solution exists.

hope this helps,

Doug
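
The four steps in the reply above as a shell script. This is an added example, not part of the original message and not code from BIND. The function names, the `.orig` copy standing in for the VCS checkout and revert, and the zone-file layout (serial on its own line with a `; serial` comment) are assumptions; the caller passes in the serial currently exposed in the signed zone.

```shell
#!/bin/sh
# Assumed layout: the SOA serial sits on its own line, tagged "; serial".
# The exposed serial can be read with: dig +short SOA <zone> @<server>
# (third field of the answer).

# Print the serial found in zone file $1.
zone_serial() {
    awk 'tolower($0) ~ /;[ \t]*serial/ { print $1; exit }' "$1"
}

# Print the serial that follows $1; serials are 32-bit and wrap (RFC 1982).
next_serial() {
    echo $(( ($1 + 1) % 4294967296 ))
}

# Write a copy of zone file $1 to $2 with its serial replaced by $3.
write_bumped_copy() {
    awk -v new="$3" '
        !hit && tolower($0) ~ /;[ \t]*serial/ { sub(/[0-9]+/, new); hit = 1 }
        { print }' "$1" > "$2"
}

# Args: zone name, unsigned zone file, serial exposed in the signed zone.
bump_exposed_serial() {
    zone=$1 file=$2 signed=$3
    cp -p "$file" "$file.orig"          # keep the unmodified master copy
    write_bumped_copy "$file.orig" "$file" "$(next_serial "$signed")"
    rndc reload "$zone"; rc=$?          # named loads the bumped serial
    mv "$file.orig" "$file"             # drop the modified copy, revert
    return $rc
}
```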

