On 7 Oct 2014 21:44, "Doug Barton" <[email protected]> wrote: > > On 10/7/14 11:03 AM, Terry Burton wrote: > >> With inline signing you have a hidden serial number in the unsigned zone >> and an exposed serial number in the signed versions which your slaves >> track. After redeployment (following DR, emergency relocation, elastic >> capacity expansion, etc.) I want to be able to bump the exposed serial >> number (once) back to an appropriate value without having to modify the >> unsigned zones. >> >> (For context, the unsigned zone serial number matches the revision >> number in a VCS to which the DNS infrastructure hosts and administrators >> have read-only access, i.e. mandatory separation of infrastructure and >> data access rights.) > > > * Check out the unmodified version of the unsigned zone > * Increase the serial number in the checked out copy to be past the one in the signed zone > * rndc reload > * Delete the modified version of the zone file, and revert to the master copy > > ... all of which is not to say that your request is not reasonable, just letting you know that a solution exists.
Sure, this is the approach that is currently taken. As stressed in my request, this is purely for convenience... and a little bit of obsessive data purity - load what you're given without additional processing, etc. Thanks all the same!
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users
