Tony Finch <[email protected]> wrote:
> dramaley <[email protected]> wrote:
>
> > Hello. I'm running Bind 9.9.4 (the default that comes with RHEL 7). I'm
> > trying to figure out a workflow for doing DNS updates with auto-dnssec
> > turned on. When I have to update a zone file, I do so by editing the zone
> > file and incrementing the serial number, then restarting Bind.
> > Unfortunately, Bind doesn't pick up the changes.
>
> Does it work better if you run `rndc reload` or equivalent (e.g. service
> bind reload)?

Oh, I just noticed you have an "update-policy local" clause in your domain
configuration. This means that named owns the unsigned master file as well
as the signed version, so you should not edit the unsigned version without
co-ordinating with named. i.e. you need to use `rndc freeze` and
`rndc thaw` before and after editing the zone. Or, if you are not using
nsupdate, you can just remove the `update-policy` clause.

In most cases it is best to either use `nsupdate` exclusively, or directly
edit the master file, but not a mixture of the two.

If you are using `nsupdate` then there is no need for inline-signing.

Tony.
--
f.anthony.n.finch <[email protected]> http://dotat.at/ - I xn--zr8h punycode
Trafalgar: Cyclonic 4 or 5 in far southeast, otherwise northerly 5 or 6,
occasionally 7 in north. Moderate or rough, occasionally slight in far
southeast. Fog patches in southeast. Moderate or good, occasionally very
poor in southeast.
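
The freeze, edit, thaw sequence from the message above, as an added shell example that is not part of the original post. The function names `edit_frozen` and `bump_serial`, the `RNDC` override variable, and the `; serial` comment layout of the SOA record are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; edit_frozen, bump_serial and RNDC are hypothetical names.
RNDC="${RNDC:-rndc}"   # override to dry-run against a stub

# bump_serial FILE: add 1 to the SOA serial. Assumes the serial is the
# number directly before a "; serial" comment (common layout, assumed).
bump_serial() {
    awk '
        !done && match($0, /[0-9]+[ \t]*;[ \t]*[Ss]erial/) {
            start = RSTART
            rest = substr($0, start)
            match(rest, /^[0-9]+/)
            old = substr(rest, 1, RLENGTH)
            # %.0f keeps 32-bit serials out of exponent notation
            $0 = substr($0, 1, start - 1) sprintf("%.0f", old + 1) substr(rest, RLENGTH + 1)
            done = 1
        }
        { print }
        END { exit (done ? 0 : 1) }
    ' "$1" > "$1.new" && cat "$1.new" > "$1"   # cat keeps owner and mode
    status=$?
    rm -f "$1.new"
    return "$status"
}

# edit_frozen ZONE FILE CMD...: freeze ZONE so named stops writing FILE,
# run CMD FILE, bump the serial, then thaw even if the edit failed.
edit_frozen() {
    zone=$1
    file=$2
    shift 2
    $RNDC freeze "$zone" || return 1
    rc=0
    "$@" "$file" && bump_serial "$file" || rc=$?
    $RNDC thaw "$zone" || return 1
    return "$rc"
}

# Usage (constructed zone name and path):
#   edit_frozen example.com /var/named/db.example "${EDITOR:-vi}"
```

The thaw runs whether or not the edit command succeeds, so a failed edit does not leave the zone frozen and rejecting dynamic updates.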

