On Fri, Jul 1, 2016 at 2:13 PM, dramaley <daniel.rama...@drake.edu> wrote:
> Hello. I'm running Bind 9.9.4 (the default that comes with RHEL 7). I'm > trying to figure out a workflow for doing DNS updates with auto-dnssec > turned on. When I have to update a zone file, I do so by editing the zone > file and incrementing the serial number, then restarting Bind. > Unfortunately, Bind doesn't pick up the changes. I suspect the reason is > because with automatic signing, Bind increments the serial number on its > own > in the .signed version of the zone, and that the signed zone file will > already have a higher serial than the file i had just edited. Is there a > better workflow for doing DNS updates? Or would it be easier just to turn > off auto-dnssec and go back to manually signing my zones? > > My zone file configuration looks like this: > zone "example.com" { > type master; > file "external/example.com.zone"; > auto-dnssec maintain; > inline-signing yes; > update-policy local; > key-directory "/etc/named/keys"; > }; > > Thanks in advance! > > > > -- > View this message in context: > http://bind-users-forum.2342410.n4.nabble.com/Automatic-DNSSEC-signing-workflow-tp2333.html > Sent from the Bind-Users forum mailing list archive at Nabble.com. > > I am not using DNSSEC yet, but I would say try updating using nsupdate instead of editing the file. -- Bob Harold
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users