On 02/21/2019 01:34 PM, @lbutlr via bind-users wrote:
I edited a zone file after issuing a rndc freeze command, added two new sub zones, changed the serial number, saved the file, and then did an rndc thaw.
I don't see an "rndc flush <zone>" in there.Which means that BIND likely still has the journal of the zone. And BIND prefers the journal over the actual textual representation of the zone.
zone serial (2019020105) unchanged. zone may fail to transfer to slaves. which is the previous serial number.
I would expect this if you edited the zone file and the journal file wasn't flushed.
So, I tried to move the .signed file aside, thinking maybe thaw might recreate it, But no, it complains the file doesn’t exist, so I put it back.
I don't think this is related to DNSSEC.
Is it possible for me to edit the zone file (as in with vim) and have bind update, or do I have to do everything through nsupdate and never access the zone files directly?
Yes, it is certainly possible to edit zone files outside of BIND's control. rndc freeze $ZONE rndc flush $ZONE $EDITOR $ZONE rndc thaw $ZONEI don't recall if reloading or thawing will automatically re-sign the zone or if you need to also explicitly "rndc sign $ZONE".
At this point, how do I get the zone updated?
Use the method above, or some sort of dynamic update.
If I try to dig for the new subdomains that are in the zone, they do not resolve, and all the information in DNS is the information that was there on 21090201.
That sounds like the old contents of the zone which are still in the journal file.
I am currently updating to bind912-9.12.3P1_3 to see if anything changes.
I don't think changing the BIND version will change anything. -- Grant. . . . unix || die
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
