Did it reject the zone when you used a too-large serial number? If so then that explains why digging against the master doesn't show an updated serial.
On Mar 26, 2012, at 11:53 AM, Carlos Ribas wrote: > Hello, > > I was doing some tests with DNSSEC in that zone. I used one day of > signature lifetime, now it is expired. All this happen when I was trying to > regenerate the signature. > > In fact, the problem is that my master did not see the serial change. If > I run dig using the master I still got the old serial number,even after > restart bind. Should I have to disable DNSSEC? > > Regards, > > --------------------------------- > Carlos Eduardo Ribas > > > 2012/3/26 Chuck Swiger <cswi...@mac.com> > On Mar 26, 2012, at 11:30 AM, Carlos Ribas wrote: > > I accidentally changed the serial number to one bigger than 32 bits and now > > I'm trying to reset the serial number. Following the manual of Bind9 I > > tried to add 2147483647 (2ˆ31-1) to the number and reload the server, but > > my slave is not updating to the new zone serial number. > > Shut down the slave server(s). > Use scp or rsync to copy over the zone file, one with a corrected serial #. > Restart the slave server(s). > > [ Is BIND putting SOA serial #'s into a signed int? ] > > Regards, > -- > -Chuck > > > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users