Re: inline-signing: SOA serial out of sync

2018-06-14 Thread Axel Rau
> Am 07.06.2018 um 13:36 schrieb Axel Rau : > > > occasionally named 9.11.3 fails to increment SOA serial like here: > > file: 2018060605 dns: 2018060604 It just happened again. An included zone file has been changed from 2 TLSA RRs to one: - - - _443._tcp.git.nussberg.de. 3600 IN TLSA

Re: inline-signing: SOA serial out of sync

2018-06-14 Thread Matthew Pounsett
On 14 June 2018 at 06:27, Axel Rau wrote: > > Am 07.06.2018 um 13:36 schrieb Axel Rau : > > > occasionally named 9.11.3 fails to increment SOA serial like here: > > file: 2018060605 dns: 2018060604 > > > It just happened again. An included zone file has been changed from 2 TLSA > RRs to one: > -

Re: inline-signing: SOA serial out of sync

2018-06-14 Thread Alan Clegg
On 6/14/18 9:44 AM, Matthew Pounsett wrote: > It just happened again. An included zone file has been changed from > 2 TLSA RRs to one: [...] > This now sounds very different from the original report.  Are you saying > that the zone started with two TLSA records, you changed it to have on

Re: inline-signing: SOA serial out of sync

2018-06-14 Thread Axel Rau
> Am 14.06.2018 um 16:12 schrieb Alan Clegg : > > Additionally, I read this as "the records changed are in an included > file" -- is the serial number in the "including" zone being incremented? Yes. Axel --- PGP-Key:29E99DD6 ☀ computing @ chaos claudius signature.asc Description: Message si

Re: inline-signing: SOA serial out of sync

2018-06-14 Thread Axel Rau
> Am 14.06.2018 um 15:44 schrieb Matthew Pounsett : > > This now sounds very different from the original report. Are you saying that > the zone started with two TLSA records, you changed it to have only one, > reloaded the zone, but then none were present? Yes. > > That's a very different pro

Re: inline-signing: SOA serial out of sync

2018-06-14 Thread Matthew Pounsett
On 14 June 2018 at 10:16, Axel Rau wrote: > > Am 14.06.2018 um 16:12 schrieb Alan Clegg : > > Additionally, I read this as "the records changed are in an included > file" -- is the serial number in the "including" zone being incremented? > > Yes. > > I think at this point you're going to need to

Re: inline-signing: SOA serial out of sync

2018-06-14 Thread Axel Rau
Am 14.06.2018 um 17:14 schrieb Matthew Pounsett :On 14 June 2018 at 10:16, Axel Rau wrote:Am 14.06.2018 um 16:12 schrieb Alan Clegg :Additionally, I read this as "the records changed are in an includedfile" -- is the serial number in the "inc