> On 5 Feb 2019, at 04:57, Tony Finch <d...@dotat.at> wrote:
>
> @lbutlr <krem...@kreme.com> wrote:
>>
>> OK, then how do I get Bind9.122 to update the .signed files?
>
> Did you see my previous message?
I did not, sorry.
> https://lists.isc.org/pipermail/bind-users/2019-February/101335.html
>> Are you doing `rndc freeze` and `rndc thaw` before and after editing the
>
>> unsigned zone file?
No. I was under the impression that when bind reloaded (rndc reload and/or
service named stop/start and/or service named reload) and saw a new serial
number, it would generate a new .signed file for that zone as part of the
process of refreshing its information and notifying the slaves.
It appears that I need an entirely different workflow that the one I've been
using for the last couple of decades of editing the zone files and reloading
the DNS server.
So, to update a zone now I should either use nsupdate to make the changes, or I
should rndc freeze, edit the file, rndc thaw.
>> How are you checking the signed zone?
dig +dnssec example.com @127.0.0.1
So, right now, given that I did not freeze/thaw nor did I make the edits via
nsupdate, how do I get the .signed files to be regenerated from the existing
example.com zone file?
--
Two, Four, Six, Eight! Time to Transubstantiate!
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
