Re: Serial number question..

[Mark Elkins]

I was wondering if there was any significance in the SOA serial value

$ date --date='@1297117089'
Tue Feb  8 00:18:09 SAST 2011
$ date --date='@1762233707'
Tue Nov  4 07:21:47 SAST 2025

...so nope (but sort of close?)

Personally - I try and use a MMDDxx format in my SOA Serial number - 
so in an easily understandable human readable format (as long as there 
are no more than 99 updates in a day - or one change every 15 minute 
clock tick). Another option is the current seconds since Unix epoch - 
which is what I thought might be going on. That could work for very busy 
or dynamic zones.


It then allows for simple sanity checking of the SOA Serial number based 
on the current date (and time) - before telling your authoritative 
nameserver software a change has happened.


Years ago - I had to rotate an SOA Serial past 2^31, negative and down, 
past Zero to the format we wanted when an uncontrolled SOA update 
happened. Pain in the rear end.


Anyway - the Secondaries will only update again once the Primary SOA 
Serial number is "bigger" than they are.


On 12/17/20 8:56 PM, Bruce Johnson wrote:

Someone updated out name server and messed up the serial number on the primary; 
as a result our secondaries are not updating properly.

Primary:

bruces-Mac-Mini:~ johnson$ dig @elixir.pharmacy.arizona.edu -t SOA +noall 
+answer pharmacy.arizona.edu
pharmacy.arizona.edu.   86404   IN  SOA elixir.pharmacy.arizona.edu. 
wunz.elixir.pharmacy.arizona.edu. 1297117089 3600 120 1209600 86400


Secondaries:

bruces-Mac-Mini:~ johnson$ dig @dhbns1.pharmacy.arizona.edu -t SOA +noall 
+answer pharmacy.arizona.edu
pharmacy.arizona.edu.   86404   IN  SOA elixir.pharmacy.arizona.edu. 
wunz.elixir.pharmacy.arizona.edu. 1762233707 3600 120 1209600 86400
bruces-Mac-Mini:~ johnson$ dig @ns-remote.arizona.edu -t SOA +noall +answer 
pharmacy.arizona.edu
pharmacy.arizona.edu.   86404   IN  SOA elixir.pharmacy.arizona.edu. 
wunz.elixir.pharmacy.arizona.edu. 1762233707 3600 120 1209600 86400

Is the fix here just setting the serial number on the primary to 1762233708 ?

The various things online I’ve found are all based on “you accidentally set the 
primary more than 2^32 ahead” so you have to do a bunch of modulo arithmetic...



--

Mark James ELKINS  -  Posix Systems - (South) Africa
m...@posix.co.za   Tel: +27.826010496 
For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za 



Posix SystemsVCARD for MJ Elkins

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Serial number question..

[Bruce Johnson]

Thanks, that worked perfectly!

> On Dec 17, 2020, at 12:02 PM, Reindl Harald  wrote:
> 
> 
> 
> Am 17.12.20 um 19:56 schrieb Bruce Johnson:
>> Someone updated out name server and messed up the serial number on the 
>> primary; as a result our secondaries are not updating properly.
>> Primary:
>> bruces-Mac-Mini:~ johnson$ dig @elixir.pharmacy.arizona.edu -t SOA +noall 
>> +answer pharmacy.arizona.edu
>> pharmacy.arizona.edu.86404   IN  SOA 
>> elixir.pharmacy.arizona.edu. wunz.elixir.pharmacy.arizona.edu. 1297117089 
>> 3600 120 1209600 86400
>> Secondaries:
>> bruces-Mac-Mini:~ johnson$ dig @dhbns1.pharmacy.arizona.edu -t SOA +noall 
>> +answer pharmacy.arizona.edu
>> pharmacy.arizona.edu.86404   IN  SOA 
>> elixir.pharmacy.arizona.edu. wunz.elixir.pharmacy.arizona.edu. 1762233707 
>> 3600 120 1209600 86400
>> bruces-Mac-Mini:~ johnson$ dig @ns-remote.arizona.edu -t SOA +noall +answer 
>> pharmacy.arizona.edu
>> pharmacy.arizona.edu.86404   IN  SOA 
>> elixir.pharmacy.arizona.edu. wunz.elixir.pharmacy.arizona.edu. 1762233707 
>> 3600 120 1209600 86400
>> Is the fix here just setting the serial number on the primary to 1762233708 ?
>> The various things online I’ve found are all based on “you accidentally set 
>> the primary more than 2^32 ahead” so you have to do a bunch of modulo 
>> arithmetic...
> 
> just set it *higher* on the master and you are done
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
> from this list
> 
> ISC funds the development of this software with paid support subscriptions. 
> Contact us at https://www.isc.org/contact/ for more information.
> 
> 
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

-- 
Bruce Johnson
University of Arizona
College of Pharmacy
Information Technology Group

Institutions do not have opinions, merely customs


___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Serial number question..

[Ondřej Surý]

Bruce,

you should start by picking a policy for your serial number. Both unixtime and 
datetime are viable, but you should pick one.

Then rotate to your desired policy by doing the serial number arithmetic. For 
datetime, you would just bump it, but for unixtime you will need to do that in 
more steps (as you have found on the Internet).

Ondrej
--
Ondřej Surý — ISC (He/Him)

> On 17. 12. 2020, at 19:56, Bruce Johnson  wrote:
> 
> Someone updated out name server and messed up the serial number on the 
> primary; as a result our secondaries are not updating properly.
> 
> Primary:
> 
> bruces-Mac-Mini:~ johnson$ dig @elixir.pharmacy.arizona.edu -t SOA +noall 
> +answer pharmacy.arizona.edu
> pharmacy.arizona.edu.86404INSOAelixir.pharmacy.arizona.edu. 
> wunz.elixir.pharmacy.arizona.edu. 1297117089 3600 120 1209600 86400
> 
> 
> Secondaries:
> 
> bruces-Mac-Mini:~ johnson$ dig @dhbns1.pharmacy.arizona.edu -t SOA +noall 
> +answer pharmacy.arizona.edu
> pharmacy.arizona.edu.86404INSOAelixir.pharmacy.arizona.edu. 
> wunz.elixir.pharmacy.arizona.edu. 1762233707 3600 120 1209600 86400
> bruces-Mac-Mini:~ johnson$ dig @ns-remote.arizona.edu -t SOA +noall +answer 
> pharmacy.arizona.edu
> pharmacy.arizona.edu.86404INSOAelixir.pharmacy.arizona.edu. 
> wunz.elixir.pharmacy.arizona.edu. 1762233707 3600 120 1209600 86400
> 
> Is the fix here just setting the serial number on the primary to 1762233708 ?
> 
> The various things online I’ve found are all based on “you accidentally set 
> the primary more than 2^32 ahead” so you have to do a bunch of modulo 
> arithmetic...
> 
> 
> -- 
> Bruce Johnson
> University of Arizona
> College of Pharmacy
> Information Technology Group
> 
> Institutions do not have opinions, merely customs
> 
> 
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
> from this list
> 
> ISC funds the development of this software with paid support subscriptions. 
> Contact us at https://www.isc.org/contact/ for more information.
> 
> 
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Serial number question..

[Sten Carlsen]

The modulo arithmetic comes if you need it to be lower than in the slaves since 
they will consider a lower numbered transfer to be out of date and refuse to 
update. Meaning you will need to go to the top and round back to where you need 
to be.

-- 
Best regards 
Sten Carlsen


"No trees were killed in the making of this e-mail... however,
a large number of electrons were terribly inconvenienced."

> On 17 Dec 2020, at 20.02, Reindl Harald  wrote:
> 
> 
> 
> Am 17.12.20 um 19:56 schrieb Bruce Johnson:
>> Someone updated out name server and messed up the serial number on the 
>> primary; as a result our secondaries are not updating properly.
>> Primary:
>> bruces-Mac-Mini:~ johnson$ dig @elixir.pharmacy.arizona.edu -t SOA +noall 
>> +answer pharmacy.arizona.edu
>> pharmacy.arizona.edu.86404   IN  SOA 
>> elixir.pharmacy.arizona.edu. wunz.elixir.pharmacy.arizona.edu. 1297117089 
>> 3600 120 1209600 86400
>> Secondaries:
>> bruces-Mac-Mini:~ johnson$ dig @dhbns1.pharmacy.arizona.edu -t SOA +noall 
>> +answer pharmacy.arizona.edu
>> pharmacy.arizona.edu.86404   IN  SOA 
>> elixir.pharmacy.arizona.edu. wunz.elixir.pharmacy.arizona.edu. 1762233707 
>> 3600 120 1209600 86400
>> bruces-Mac-Mini:~ johnson$ dig @ns-remote.arizona.edu -t SOA +noall +answer 
>> pharmacy.arizona.edu
>> pharmacy.arizona.edu.86404   IN  SOA 
>> elixir.pharmacy.arizona.edu. wunz.elixir.pharmacy.arizona.edu. 1762233707 
>> 3600 120 1209600 86400
>> Is the fix here just setting the serial number on the primary to 1762233708 ?
>> The various things online I’ve found are all based on “you accidentally set 
>> the primary more than 2^32 ahead” so you have to do a bunch of modulo 
>> arithmetic...
> 
> just set it *higher* on the master and you are done
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
> from this list
> 
> ISC funds the development of this software with paid support subscriptions. 
> Contact us at https://www.isc.org/contact/ for more information.
> 
> 
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Serial number question..

[Ricardo Stella]

Suggestion I learned ages ago...

Set the serial number to match the date the change is made such as
MMDDvv (Year, month, date, version).  For example: 2020121701

Of course, if you do more than 99 changes in a single day, you probably
have other problems..


On Thu, Dec 17, 2020 at 2:02 PM Reindl Harald 
wrote:

>
>
> Am 17.12.20 um 19:56 schrieb Bruce Johnson:
> > Someone updated out name server and messed up the serial number on the
> primary; as a result our secondaries are not updating properly.
> >
> > Primary:
> >
> > bruces-Mac-Mini:~ johnson$ dig @elixir.pharmacy.arizona.edu -t SOA
> +noall +answer pharmacy.arizona.edu
> > pharmacy.arizona.edu. 86404   IN  SOA
> elixir.pharmacy.arizona.edu. wunz.elixir.pharmacy.arizona.edu. 1297117089
> 3600 120 1209600 86400
> >
> >
> > Secondaries:
> >
> > bruces-Mac-Mini:~ johnson$ dig @dhbns1.pharmacy.arizona.edu -t SOA
> +noall +answer pharmacy.arizona.edu
> > pharmacy.arizona.edu. 86404   IN  SOA
> elixir.pharmacy.arizona.edu. wunz.elixir.pharmacy.arizona.edu. 1762233707
> 3600 120 1209600 86400
> > bruces-Mac-Mini:~ johnson$ dig @ns-remote.arizona.edu -t SOA +noall
> +answer pharmacy.arizona.edu
> > pharmacy.arizona.edu. 86404   IN  SOA
> elixir.pharmacy.arizona.edu. wunz.elixir.pharmacy.arizona.edu. 1762233707
> 3600 120 1209600 86400
> >
> > Is the fix here just setting the serial number on the primary to
> 1762233708 ?
> >
> > The various things online I’ve found are all based on “you accidentally
> set the primary more than 2^32 ahead” so you have to do a bunch of modulo
> arithmetic...
>
> just set it *higher* on the master and you are done
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>


-- 
°(((=((===°°°(((
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Serial number question..

[Reindl Harald]

Am 17.12.20 um 19:56 schrieb Bruce Johnson:

Someone updated out name server and messed up the serial number on the primary; 
as a result our secondaries are not updating properly.

Primary:

bruces-Mac-Mini:~ johnson$ dig @elixir.pharmacy.arizona.edu -t SOA +noall 
+answer pharmacy.arizona.edu
pharmacy.arizona.edu.   86404   IN  SOA elixir.pharmacy.arizona.edu. 
wunz.elixir.pharmacy.arizona.edu. 1297117089 3600 120 1209600 86400


Secondaries:

bruces-Mac-Mini:~ johnson$ dig @dhbns1.pharmacy.arizona.edu -t SOA +noall 
+answer pharmacy.arizona.edu
pharmacy.arizona.edu.   86404   IN  SOA elixir.pharmacy.arizona.edu. 
wunz.elixir.pharmacy.arizona.edu. 1762233707 3600 120 1209600 86400
bruces-Mac-Mini:~ johnson$ dig @ns-remote.arizona.edu -t SOA +noall +answer 
pharmacy.arizona.edu
pharmacy.arizona.edu.   86404   IN  SOA elixir.pharmacy.arizona.edu. 
wunz.elixir.pharmacy.arizona.edu. 1762233707 3600 120 1209600 86400

Is the fix here just setting the serial number on the primary to 1762233708 ?

The various things online I’ve found are all based on “you accidentally set the 
primary more than 2^32 ahead” so you have to do a bunch of modulo arithmetic...


just set it *higher* on the master and you are done
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Serial number question..

[Bruce Johnson]

Someone updated out name server and messed up the serial number on the primary; 
as a result our secondaries are not updating properly.

Primary:

bruces-Mac-Mini:~ johnson$ dig @elixir.pharmacy.arizona.edu -t SOA +noall 
+answer pharmacy.arizona.edu
pharmacy.arizona.edu.   86404   IN  SOA elixir.pharmacy.arizona.edu. 
wunz.elixir.pharmacy.arizona.edu. 1297117089 3600 120 1209600 86400


Secondaries:

bruces-Mac-Mini:~ johnson$ dig @dhbns1.pharmacy.arizona.edu -t SOA +noall 
+answer pharmacy.arizona.edu
pharmacy.arizona.edu.   86404   IN  SOA elixir.pharmacy.arizona.edu. 
wunz.elixir.pharmacy.arizona.edu. 1762233707 3600 120 1209600 86400
bruces-Mac-Mini:~ johnson$ dig @ns-remote.arizona.edu -t SOA +noall +answer 
pharmacy.arizona.edu
pharmacy.arizona.edu.   86404   IN  SOA elixir.pharmacy.arizona.edu. 
wunz.elixir.pharmacy.arizona.edu. 1762233707 3600 120 1209600 86400

Is the fix here just setting the serial number on the primary to 1762233708 ?

The various things online I’ve found are all based on “you accidentally set the 
primary more than 2^32 ahead” so you have to do a bunch of modulo arithmetic...


-- 
Bruce Johnson
University of Arizona
College of Pharmacy
Information Technology Group

Institutions do not have opinions, merely customs


___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users