On 2/2/14 5:39 AM, Tony Finch wrote: > David Newman <dnew...@networktest.com> wrote: >> On 1/31/14 10:35 AM, Tony Finch wrote: >>> David Newman <dnew...@networktest.com> wrote: >>>> >>>> What action, if any, is needed? >>> >>> Does rndc sign <zone> make it wake up? >> >> Alas, no. There are a bunch of successful IXFR messages to slave servers >> but the dates in that NSEC3PARAM RRSIG did not change. > > Not good. I would try deleting and re-adding the NSEC3PARAM records. > Slow if the zones are big but at least it should fix the problem.
Bingo. That cleared the issue. This may have been unrelated to the system upgrade. It's possible the stale NSEC3 records were there for a while, and I just hadn't noticed. Thanks very much for the troubleshooting clues. dn _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
