Hi,
I'm running the following bind version: BIND 9.9.5-9+deb8u3-Debian
I've tried to setup auto-signing dnssec, by adding the following to my zone-statement:
auto-dnssec maintain;
inline-signing yes;
inline-signing yes;
The auto-signing seems to work, but only once. I tried doing a ZSK rollover, and from the moment, the new key was supposed to apeear in the zone, I get the following error messages in my log, every five minutes:
named[14543]: zone myzone.de/IN/world (signed): reconfiguring zone keys
named[14543]: malformed transaction: /var/bind/myzone.de.zone.signed.jnl last serial 2015100307 != transaction first serial 2015100306
named[14543]: zone myzone.de/IN/world (signed): zone_rekey:dns_journal_write_transaction -> unexpected error
named[14543]: malformed transaction: /var/bind/myzone.de.zone.signed.jnl last serial 2015100307 != transaction first serial 2015100306
named[14543]: zone myzone.de/IN/world (signed): zone_rekey:dns_journal_write_transaction -> unexpected error
I don't completely understand the problem, but it appears as if bind tries to increase the serial of the zone and then fails somehow.
Did I forget to configure something? Hos can I avoid this problem?
Thanks
M.
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users
