Matthew Richardson <matthe...@itconsult.co.uk> wrote:
> Having upgraded to 9.11.15 I am still seeing similar problems, where some
> zones stop updating their signatures.
I recently had a signing problem on my toy server which I think was
caused by a cockup with `rndc freeze`. It was not easy to get named to
re-start re-signing the zones properly :-(
One symptom was that the broken zones had "resign" times in the past. I'm
using raw format zones without inline signing, so I can look at this with:
named-compilezone -j -f raw -o /dev/stdout $zone $file |
grep resign | sort -r
With inline-signing you want to look at the .signed file.
I tried deliberately breaking a zone with `rndc freeze` but it recovered
OK. One difference was that my deliberately broken zone had the same time
on all its signatures, so there wasn't a mixture of past and future resign
times.
So, no bright ideas here I'm afraid.
Tony.
--
f.anthony.n.finch <d...@dotat.at> http://dotat.at/
South Biscay, Southeast Fitzroy: Variable 2 to 4 becoming southwesterly 4 to
6. Rough or very rough. Rain later. Moderate or good.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
