-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 1/28/14 3:49 AM, Alan Clegg wrote: > > On Jan 27, 2014, at 7:32 PM, David Newman <dnew...@networktest.com> > wrote: > >> Asking again, in a different and more generic form: When >> rebuilding a bind 9.9.4 server running DNSSEC with auto maintain, >> are there any steps I need to take beyond just backing up >> /var/named/etc/namedb (this is on FreeBSD) and restoring? >> >> This server is authoritative and primary, and has slaves for >> multiple domains. >> >> I'm concerned about keeping keys, serial numbers, and any other >> dynamic info in sync. > > Should be problem what-so-ever. > > Just stop the old server, do the backup, restore it where your new > system expects it then start the new one. A brief outage of your > master should be no issue is your slaves are working correctly. > > Do make sure that the new version is built with the same options as > the old one if you are replicating the file system locations of the > data. 8-)
Thanks. This mostly worked fine. The only gotchas: 1. On a NanoBSD box, named did not start because it couldn't write to the old named.log file. Deleting the existing named.log cleared that issue. I think this may be a NanoBSD-specific issue. 2. For five domains, the log contains signature-has-expired warnings. In all five cases, these are for NSEC3PARAM records. Is any action needed on my part, for example manually doing NSEC3 signing of these zones? Thanks again! dn -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJS6ucEAAoJEDoYs7vtFALacaEP/izW2EQ8rjff25TpCANlJ2Za WSeZTRZLiWpatz1ErlKp6kOZqABpNgH764DfueRMGfPsqvthGCCt+1k0v4jzVMnr SF3rpwH5Zue5RAkeHknyazvdrXd22psxN7J4pnqe83zMpfXY7JPdsmUKb/vIZeRY n1x+eMDSgNPUKN5g5Is1FPaQH4X95otDiH3C79n05wNCTDTrKHZNcDTEbrPkW3SE rNU1PBKkj1Q4g+xMcTjccUPUPzjBObhE///QZu5psfZutEAC8BUMIbNHvP5coszc byUOBKCpini4/8gOlEC49m1tHU6H7t8dppqufMSzxA6gZEKshd03MVdCJg7D8+e/ aYAXh/uBIWtav3QRIxix3g6q7zF/hOh/FG30IYhufItTnaK8BdO9sufbBnLePmf2 NwDcLc/U7bbN/pxY/oc7TgMbjqnAAP9YUAMHmOFqiw/JnmQ1SMXYxI80hSBoKnRx /gixPGW0qv146s4kJ0+phRl9/0igC97/S3Q0tk7erOXetw+CMHgfgBT9BCx2/I+A 9gEJ5Laqi2J6NT/QNl14WBJ/IF6a2umo47bBj0l4Orb3ivJkpsMo6k8vaytH6QDZ t38d5RXRJ1vNbr9kRMuXQAoKwsxemPFkVL/o7MAPBu4Htv8DD3VTEYL7R3l2EkEx K+9iLy/TKYMEPtNEetQ6 =NEkU -----END PGP SIGNATURE----- _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users