Re: inline-signing: SOA serial out of sync

2018-06-23 Thread Axel Rau
> On 21.06.2018 at 08:18, Stefan Förster via bind-users wrote: > > > I used to see something similar (although views were involved), where BIND > was not picking up changes to a zone when only included files were changed: > > https://lists.isc.org/pipermail/bind-users/2017-September/09914

Re: inline-signing: SOA serial out of sync

2018-06-20 Thread Stefan Förster via bind-users
Hi, * Axel Rau : Occasionally it happens after rndc reload that the serial in the zone file is bigger than that in served SOA. In this case, named begins serving stale data. Probability for this to happen increases with size of the journal file. I used to see something similar (although views

Re: inline-signing: SOA serial out of sync

2018-06-19 Thread Axel Rau
> On 14.06.2018 at 18:30, Axel Rau wrote: > > I include the zone file with the 2 included files, an AXFR dump of it and the > options and zone statement (which is not in a view) of the server config in a > zip archive. I saw no comments on the provided data, so I assume, nobody has a clue on t

Re: inline-signing: SOA serial out of sync

2018-06-14 Thread Axel Rau
On 14.06.2018 at 17:14, Matthew Pounsett wrote: On 14 June 2018 at 10:16, Axel Rau wrote: On 14.06.2018 at 16:12, Alan Clegg wrote: Additionally, I read this as "the records changed are in an included file" -- is the serial number in the "inc

Re: inline-signing: SOA serial out of sync

2018-06-14 Thread Matthew Pounsett
On 14 June 2018 at 10:16, Axel Rau wrote: > > On 14.06.2018 at 16:12, Alan Clegg wrote: > > Additionally, I read this as "the records changed are in an included > file" -- is the serial number in the "including" zone being incremented? > > Yes. > > I think at this point you're going to need to

Re: inline-signing: SOA serial out of sync

2018-06-14 Thread Axel Rau
> On 14.06.2018 at 15:44, Matthew Pounsett wrote: > > This now sounds very different from the original report. Are you saying that > the zone started with two TLSA records, you changed it to have only one, > reloaded the zone, but then none were present? Yes. > > That's a very different pro

Re: inline-signing: SOA serial out of sync

2018-06-14 Thread Axel Rau
> On 14.06.2018 at 16:12, Alan Clegg wrote: > > Additionally, I read this as "the records changed are in an included > file" -- is the serial number in the "including" zone being incremented? Yes. Axel --- PGP-Key:29E99DD6 ☀ computing @ chaos claudius

Re: inline-signing: SOA serial out of sync

2018-06-14 Thread Alan Clegg
On 6/14/18 9:44 AM, Matthew Pounsett wrote: > It just happened again. An included zone file has been changed from > 2 TLSA RRs to one: [...] > This now sounds very different from the original report.  Are you saying > that the zone started with two TLSA records, you changed it to have on

Re: inline-signing: SOA serial out of sync

2018-06-14 Thread Matthew Pounsett
On 14 June 2018 at 06:27, Axel Rau wrote: > > On 07.06.2018 at 13:36, Axel Rau wrote: > > > occasionally named 9.11.3 fails to increment SOA serial like here: > > file: 2018060605 dns: 2018060604 > > > It just happened again. An included zone file has been changed from 2 TLSA > RRs to one: > -

Re: inline-signing: SOA serial out of sync

2018-06-14 Thread Axel Rau
> On 07.06.2018 at 13:36, Axel Rau wrote: > > > occasionally named 9.11.3 fails to increment SOA serial like here: > > file: 2018060605 dns: 2018060604 It just happened again. An included zone file has been changed from 2 TLSA RRs to one: - - - _443._tcp.git.nussberg.de. 3600 IN TLSA

Re: inline-signing: SOA serial out of sync

2018-06-09 Thread Axel Rau
Hi Matthew, sorry for my late answer. > On 07.06.2018 at 15:31, Matthew Pounsett wrote: > > > > On 7 June 2018 at 07:36, Axel Rau wrote: > Hi all, > > occasionally named 9.11.3 fails to increment SOA serial like here: > > file: 2018060605 dns: 2018060604 > > zone file was edited

Re: inline-signing: SOA serial out of sync

2018-06-09 Thread Axel Rau
Hi Tony, sorry for the late reply. > On 07.06.2018 at 14:20, Tony Finch wrote: > > Axel Rau wrote: >> >> occasionally named 9.11.3 fails to increment SOA serial like here: >> >> file: 2018060605 dns: 2018060604 > > With inline signing the signed and unsigned zones have separate seria

Re: inline-signing: SOA serial out of sync

2018-06-07 Thread Matthew Pounsett
On 7 June 2018 at 07:36, Axel Rau wrote: > Hi all, > > occasionally named 9.11.3 fails to increment SOA serial like here: > > file: 2018060605 dns: 2018060604 > > zone file was edited by script and a rndc reload given. > [...] > Manual fixing requires another cycle with zone file editing

Re: inline-signing: SOA serial out of sync

2018-06-07 Thread Tony Finch
Axel Rau wrote: > > occasionally named 9.11.3 fails to increment SOA serial like here: > > file: 2018060605 dns: 2018060604 With inline signing the signed and unsigned zones have separate serial numbers, so this is normal. If I understand inline-signing correctly, when you only modify the u

inline-signing: SOA serial out of sync

2018-06-07 Thread Axel Rau
Hi all, occasionally named 9.11.3 fails to increment SOA serial like here: file: 2018060605 dns: 2018060604 zone file was edited by script and a rndc reload given. This usually works perfect, but here: Only entry in log file: notify: debug 3: zone lrau.net/IN (signed): sending