Re: Signed zone does not get updated 'receive_secure_serial: not exact'
Am 26.12.2012 um 23:31 schrieb Mark Andrews : > What it is complaining about is that when the change you just applied to the > unsigned version of the zone is applied to the signed version it > found one of: > > * the record to be removed was not there > * the record to be aded was already there > > This means that the two versions of the zone have become unsyncronized. Thanks. Not sure how they became unsynchronized. Looking at other posts, removing the journal and increasing the serial makes the problem go away: $ rndc sync -clean leuxner.net $ rndc stop Dec 26 09:01:16 spectre named[23831]: sync: dumping zone 'leuxner.net/IN', removing journal file: success Dec 26 09:03:16 spectre named[23831]: received control channel command 'stop' Regards Thomas smime.p7s Description: S/MIME cryptographic signature ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: nsupdate for default TTL
δΊ 2012-12-26 22:12, Carsten Strotmann ει: > Because there is no concept of a "default TTL" in a loaded zone, you > can only change the dedicated TTLs on each individual resource record > using the "nsupdate" tool. Thanks Carsten. Happy new year! ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Signed zone does not get updated 'receive_secure_serial: not exact'
In message <0fac2f01-3384-45da-8ad9-738fb175b...@leuxner.net>, Thomas Leuxner writes: > Hi, > > I'm having the problem that after rolling a dynamic update on one of the > zones - a newly signed zone - the signed zone does not get updated, but > mocks about the serial being 'not exact'. The above sentence is not proper English which makes it hard to determine what you actually did. It is not mocking about the serial being 'not exact'. What it is complaining about is that when the change you just applied to the unsigned version of the zone is applied to the signed version it found one of: * the record to be removed was not there * the record to be aded was already there This means that the two versions of the zone have become unsyncronized. > Dec 26 07:39:26 spectre named[23831]: client 188.138.3.243#16192/key = > tlx.leuxner.net: signer "tlx.leuxner.net" approved > Dec 26 07:39:26 spectre named[23831]: client 188.138.3.243#16192/key = > tlx.leuxner.net: updating zone 'leuxner.net/IN':deleting rrset at = > '2012._domainkey.leuxner.net' TXT > Dec 26 07:39:26 spectre named[23831]: client 188.138.3.243#16192/key = > tlx.leuxner.net: updating zone 'leuxner.net/IN': adding an RR at = > '2012._domainkey.leuxner.net' TXT > Dec 26 07:39:26 spectre named[23831]: zone leuxner.net/IN (signed): = > receive_secure_serial: not exact > > What am I doing wrong (9.9.2-P1)? > > Regards > Thomas -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Query regarding 'UPDATE' field in log entries
Hello, Gaurav Kansal writes: > > I am getting the below mentioned log continuously in my log file. > client 2001:db8:0:196:feed:feed:feed:dc#54458: update > 'test-zone.in/IN' denied > Does it means that someone is claiming for the authority of the > test-zone.in for which I am the master? it does mean that the client is trying to update the "test-zone.in" using a dynamic update DNS message. This is probably because the client is running a Windows OS and is configured (manually or by DHCP) to be in the "local domain / DNS suffix" of "test-zone.in" and tries to add an Address record (A and/or ) of its own IP Address into the zone. That is a default behavior of some client operating systems. As dynamic updates are not enabled by default, the BIND DNS server denies the updates, and you see the log entry. If you want to allow clients to automatically update the zone, you need to configure the zone as a dynamic zone (using update-policy or allow-update statements). If the client is not in your own networks, someone in the remote network has (mis-)configured the client to be inside the "test-zone.in" domain. Best regards Carsten Strotmann ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: nsupdate for default TTL
Hello Feng He, Feng He writes: > Is there a way to dynamic update the zone's default TTL by nsupdate? A default TTL (example $TTL 3600) is a property of a zone file on disk, it is a control statement read by the BIND name server when loading the zone file. The default TTL is applied to all resource records that do not have a dedicated TTL defined. After loading the zone, every resource record will have a dedicated TTL and there is no "default TTL" in a loaded zone (in memory). Because there is no concept of a "default TTL" in a loaded zone, you can only change the dedicated TTLs on each individual resource record using the "nsupdate" tool. Best regards and a good new year! Carsten Strotmann ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
nsupdate for default TTL
Hi Is there a way to dynamic update the zone's default TTL by nsupdate? Thanks and Merry Xmas! ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Query regarding 'UPDATE' field in log entries
Hi, I am getting the below mentioned log continuously in my log file. client 2001:db8:0:196:feed:feed:feed:dc#54458: update 'test-zone.in/IN' denied I have changed the client ip address in the above line. Does it means that someone is claiming for the authority of the test-zone.in for which I am the master? Thanks Gaurav Kansal ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users