Bug#966422: bind9utils: dnssec-signzone -N unixtime behaves like increment

Tue, 28 Jul 2020 04:57:17 -0700 

Package: bind9utils
Version: 1:9.11.5.P4+dfsg-5.1+deb10u1
Severity: important

Dear Maintainer,

I recently upgraded from Debian 9.13 to 10.4. Starting from this date 
"dnssec-signzone -N unixtime" does not work any more causing my DNS slaves to 
fail receiving changes.

With Debian 9 "dnssec-signzone -N unixtime" uses the current unix timestamp as 
the serial numer for the generated signed zone, however, with the version 
shipped with Debian 10 the serial number is just incremented from the to be 
signd zone file. As I use a common zone-template for a huge nubmer of zones, 
every further signing of the template will use the very same serial numer 
(template serial number + 1).

I use the following command to sign my zones (using a script):
 /usr/sbin/dnssec-signzone -o ZONE.TLD. -e +1209600 -N unixtime zone.db 
K*.private

I don't get any warning or error. I checked that "-N date" uses the current 
date, however, "date" does not fit the needs of my scenario 8see above). Using 
"-N something" causes an error.

Best,
 Sven

-- System Information:
Debian Release: 10.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.7.0-1-amd64 (SMP w/16 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages bind9utils depends on:
ii  libbind9-161      1:9.11.5.P4+dfsg-5.1+deb10u1
ii  libc6             2.28-10
ii  libcap2           1:2.25-2
ii  libcom-err2       1.44.5-1+deb10u3
ii  libdns1104        1:9.11.5.P4+dfsg-5.1+deb10u1
ii  libfstrm0         0.4.0-1
ii  libgeoip1         1.6.12-1
ii  libgssapi-krb5-2  1.17-3
ii  libisc1100        1:9.11.5.P4+dfsg-5.1+deb10u1
ii  libisccc161       1:9.11.5.P4+dfsg-5.1+deb10u1
ii  libisccfg163      1:9.11.5.P4+dfsg-5.1+deb10u1
ii  libjson-c3        0.12.1+ds-2
ii  libk5crypto3      1.17-3
ii  libkrb5-3         1.17-3
ii  liblmdb0          0.9.22-1
ii  libprotobuf-c1    1.3.1-1+b1
ii  libssl1.1         1.1.1d-0+deb10u3
ii  libxml2           2.9.4+dfsg1-7+b3
ii  python3           3.7.3-1
ii  python3-ply       3.11-3

bind9utils recommends no packages.

bind9utils suggests no packages.

-- no debconf information

Reply via email to