On Mon, Apr 13, 2020 at 02:22:53PM +0200, Mark Elkins wrote:
> Question - What are the "TYPE65534" records? What are they saying? I am
> using "DiG 9.16.1" so surprised it doesn't know.

This is a mechanism named uses to keep track of the status of zone signing
operations, so that if there's a crash or power outage before signing is
complete, it'll know which step it needs to resume on.

To see the status in a human-readable form, use "rndc signing -list <zone>".
If it says signing is complete, you're free to remove the records with
"rndc signing -clear all <zone>".

> My zone's '$TTL' is 1200... so I would have thought the CDS record would
> have appeared by now.
> I "signed" the zone at Apr 12 21:27 +02:00 and it's now 16 hours later. I
> thought the biggest delay factor is the zone's $TTL, often set to one day.

I'm... not sure CDS is published automatically yet. I'd have to check to be
sure, but I think that's coming in a future release.

> Looks like the SOA Serial Number still needs to be maintained manually.
> Was expecting a more OpenDNSSEC approach. Would love an automated
> YYYYMMDDxx number - date it was last 'modified'. Would be perfect for
> small zones that are rarely updated.

I think the zone option "serial-update-method date;" does this. (I haven't
tested it with dnssec-policy though.)

--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
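Added example, not part of the original message or of BIND itself: a small decoder for the TYPE65534 records as dig prints them in RFC 3597 generic form, giving the same information "rndc signing -list <zone>" reports. It assumes the private-type layout documented in the BIND 9 Administrator Reference Manual (algorithm, key ID, removal flag, complete flag; first octet zero for NSEC3 chain changes); the zone name and record values are constructed.

```python
import struct

# Constructed sample of `dig` answer lines; zone name and key values are made up.
SAMPLE = [
    r"example.test. 0 IN TYPE65534 \# 5 0D9C4B0001",
    r"example.test. 0 IN TYPE65534 \# 5 0D 1F2A 00 00",
    r"example.test. 1200 IN NS ns1.example.test.",
]

def parse_private_rdata(text):
    """Decode RFC 3597 generic RDATA ("\\# <len> <hex>") of a private-type record."""
    fields = text.split()
    if len(fields) < 2 or fields[0] != "\\#":
        raise ValueError("not RFC 3597 generic RDATA: %r" % text)
    rdata = bytes.fromhex("".join(fields[2:]))
    if len(rdata) != int(fields[1]):
        raise ValueError("declared length does not match data")
    if rdata[:1] == b"\x00":
        # Algorithm 0 is reserved: the record tracks an NSEC3 chain change.
        return {"kind": "nsec3", "raw": rdata.hex()}
    if len(rdata) != 5:
        raise ValueError("key record must be 5 octets, got %d" % len(rdata))
    # Octet 1: algorithm, octets 2-3: key ID (network order),
    # octet 4: removal flag, octet 5: complete flag.
    alg, key_id, removal, complete = struct.unpack("!BHBB", rdata)
    return {"kind": "key", "algorithm": alg, "key_id": key_id,
            "removing": bool(removal), "complete": bool(complete)}

def signing_status(dig_lines):
    """Return the decoded TYPE65534 records found in dig output lines."""
    records = []
    for line in dig_lines:
        _, found, rdata = line.partition("TYPE65534")
        if found:
            records.append(parse_private_rdata(rdata))
    return records

def pending(records):
    """Key records without the complete flag, plus any NSEC3 chain records."""
    return [r for r in records if not r.get("complete")]

if __name__ == "__main__":
    for rec in signing_status(SAMPLE):
        print(rec)
```

An empty result from pending() corresponds to every key being reported as done, which is the state in which the message says the records can be cleared.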