On 24/06/2024 23:39, Randy Bush wrote: Hi Randy,
my current conclusion is: do not have both emacs dns-mode with `serial-policy: unixtime`; use only one or t'other.
Set "zonefile-load" to "difference-no-serial", which makes Knot DNS ignore the serial in the SOA record, and do all the serial number handling by itself, using unixtime. All our zones files have just a 0 in the serial number field.
Also, the "knotc zone-sign" is pointless. Just reload the zone after changing it, and Knot DNS will update signatures as needed.
Regards, Anand --
