>> OK, but rndc flush example.com results in:
>> rndc: 'flush' failed: not found
> 
> *FACEpalm*
> 
> I'm sorry.  I gave you the wrong command.  You want "sync", not "flush".  My 
> brain always thinks "flush the journal to disk" when it's really supposed to 
> be "sync the journal to disk".  You can pass the optional "-clean" command to 
> cause BIND to remove the synced journal file.
> 
> "flush" is flushing caches, and you can optionally specify a view.  I'm 
> guessing that you don't have a view named "example.com".
> 
>> Then service named stop, service named start.
> 
> When you use the proper commands, you don't need to restart the named 
> service.  You can also use rndc reload without needing to restart the named 
> service.

rndc reload did not recreate (or at least update the time stamp on) the .signed 
file.

But at no point do I get the new subdomains I added to the zone added to the 
zone.signed

I’ll try sync clean and see if I get further.

Nope, now the .signed file isn’t touched at all after the zone file is edited.

zone "example.com" { type master; file "master/example.com.signed"; 
update-policy local; auto-dnssec maintain; };

So I am still with a zone file that contains two subdomains that are not 
represented in the .signed zone file, so do not load and nothing that I do 
seems to be able to recreate the .signed file with the correct information.

Is the original random key that was generated at the time of signing kept 
somewhere? NSEC3 seems to contain a 16 character hex string that recurs 
throughout the file.

-- 
all your snowflakes are urine and you can't even find the cat

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
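
A diagnostic for the symptom in this message, as an added example that is not part of the original thread: it lists owner names present in the unsigned zone text but absent from the .signed text, and pulls out the salt field that every NSEC3 and NSEC3PARAM record carries (RFC 5155), which is the hex value that recurs through a signed zone. It assumes both files are in text master-file format; the function names and all sample data are constructed for illustration.

```python
import re

# Constructed sample data (not from the thread): an edited unsigned zone and
# a signed copy that predates the edit. Hashes and signature are made up.
UNSIGNED = """\
$ORIGIN example.com.
@     3600 IN SOA ns1 hostmaster 2 3600 600 86400 3600
      3600 IN NS  ns1
ns1   3600 IN A   192.0.2.1
www   3600 IN A   192.0.2.10
new1  3600 IN A   192.0.2.20
new2  3600 IN A   192.0.2.21
"""
SIGNED = """\
example.com. 3600 IN SOA ns1.example.com. hostmaster.example.com. 1 3600 600 86400 3600
example.com. 0 IN NSEC3PARAM 1 0 10 0123456789ABCDEF
ns1.example.com. 3600 IN A 192.0.2.1
www.example.com. 3600 IN A 192.0.2.10
8GQ4JN5TD1C3K3BSH9LQ2V6R0E7FA1MP.example.com. 3600 IN NSEC3 1 0 10 0123456789ABCDEF (
        J2M8P0T4V6R1D3F5H7K9N1Q3S5U7A9CE A RRSIG )
        3600 RRSIG NSEC3 8 3 3600 20150301000000 (
        20150201000000 12345 example.com. c2lnbmF0dXJl )
"""
NSEC3_RE = re.compile(r"(\S+)\s+NSEC3(?:PARAM)?\s+\d+\s+\d+\s+\d+\s+(\S+)")

def owner_names(zone_text, origin):
    """Return the absolute, lower-cased owner names found in a text zone."""
    names = set()
    for line in zone_text.splitlines():
        if line.upper().startswith("$ORIGIN"):
            origin = line.split()[1]
        # Blank, comment, directive and continuation lines (leading
        # whitespace reuses the previous owner) introduce no new owner.
        if not line or line[0] in " \t;$":
            continue
        owner = line.split()[0]
        if owner == "@":
            owner = origin
        elif not owner.endswith("."):
            owner = owner + "." + origin
        names.add(owner.lower())
    return names

def missing_from_signed(unsigned, signed, origin):
    """Names in the unsigned zone that the signed zone does not contain."""
    return sorted(owner_names(unsigned, origin) - owner_names(signed, origin))

def nsec3_salts(signed):
    """Salt fields of NSEC3/NSEC3PARAM records; skips 'RRSIG NSEC3 ...' lines."""
    return {salt.upper() for prev, salt in NSEC3_RE.findall(signed)
            if prev.upper() != "RRSIG"}
```

An empty result from `missing_from_signed` means every name in the edited file is present in the signed copy; more than one value from `nsec3_salts` means the file mixes NSEC3 chains.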