We have a series of bind9 nameservers (running some 9.9 and some 9.10).  On
our slave zones, which are all reading identical slave zone files, one of
our servers is running the RedHat default bind 9.9.4-74.  The other servers
are running bind compiled directly from isc's source.  When we issue a
named-checkzone on any of the ones compiled straight from isc's source,
after every RRSIG line, we see a ; resign line that contains the date/time
of that resign.  When we issue the same command on RedHat's default, we get
all of the same information, minus that line.  I was wondering if anyone
could tell me what exactly produces that line.  I see in the bind source
code a comment that it is "Only valid if DNS_RDASETATTR_RESIGN is set in
attributes."  Where would this be set?  If it's in the attributes of the
signed zone file, I would think that it should be there, as when any other
server reads the same files the data appears.  Is this some compile time
option? Is there a config file somewhere on the Linux server itself that
needs to set this?  Really any pointer in the right direction would be

Example of the symptom:
first the server running RedHat standard, that does not produce the ;
resign line
[root@rutl800p slaves]# named-checkzone -j -f raw -o - myzone.com
zone myzone.com/IN: loaded serial 1460033625 (DNSSEC signed)
myzone.com.      3600 IN SOA rutl601p.mylocaldomain.com.
hostmaster.mydomain.com. 1460033625 7200 3600 604800 3600
myzone.com.      3600 IN RRSIG SOA 13 2 3600 20190716190406 20190616180406
59573 myzone.com. /HXXeswjocBRCgOftRGwX3EeLYSXXBS8r70oJ/K2rZvn301D7XUKr7nf
myzone.com.      3600 IN NS ns1.mydomain.com.

Then the other servers that *do* produce it.
[root@rutl801p slaves]# named-checkzone -j -f raw -o - myzone.com
zone myzone.com/IN: loaded serial 1460033625 (DNSSEC signed)
myzone.com.      3600 IN SOA rutl601p.mylocaldomain.com.
hostmaster.mydomain.com. 1460033625 7200 3600 604800 3600
myzone.com.      3600 IN RRSIG SOA 13 2 3600 20190716190406 20190616180406
59573 myzone.com. /HXXeswjocBRCgOftRGwX3EeLYSXXBS8r70oJ/K2rZvn301D7XUKr7nf
; resign=20190716190406
myzone.com.      3600 IN NS ns1.mydomain.com.

Stephen Gilbert

Systems Administrator

P 704-589-0332

E sgilb...@mcclatchy.com <em...@mcclatchy.com>
W mcclatchy.com

[image: McClatchy Facebook] <https://www.facebook.com/McClatchyCo/> [image:
McClatchy Twitter] <https://twitter.com/mcclatchy?lang=en> [image:
McClatchy LinkedIn]
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list

Reply via email to