Hi,
I ran a script to check some DNS issues and it diagnosed "ERROR: SOA records
are not consistent across nameservers". The reason seems to be because I use
different views for internal vs external queries. I have external secondary
servers, so querying them (e.g. dig @45.33.33.148 tana.it soa) can give
different results.
rndc zonestatus says the following:
598-north:bind# rndc zonestatus tana.it in internal
name: tana.it
type: primary
files: /etc/bind/int/tana.it
serial: 2025060901
signed serial: 2025060981
nodes: 102
last loaded: Mon, 09 Jun 2025 11:26:50 GMT
secure: yes
inline signing: yes
key maintenance: automatic
next key event: Mon, 22 Sep 2025 18:54:55 GMT
next resign node: i-cname.tana.it/CNAME
next resign time: Fri, 10 Oct 2025 23:20:17 GMT
dynamic: no
reconfigurable via modzone: no
And
599-north:bind# rndc zonestatus tana.it in external
name: tana.it
type: primary
files: /etc/bind/pub/tana.it
serial: 2025060901
signed serial: 2025060980
nodes: 101
last loaded: Mon, 09 Jun 2025 11:27:00 GMT
secure: yes
inline signing: yes
key maintenance: automatic
next key event: Mon, 22 Sep 2025 18:54:55 GMT
next resign node: k-cname.tana.it/A
next resign time: Fri, 10 Oct 2025 23:24:42 GMT
dynamic: no
reconfigurable via modzone: no
Why signed serials differ even if serials agree?
Are my views out of sync? (next resign nodes differ)
Are secondary servers out of sync?
Is the script incorrect?
TIA for any clue
Best
Ale
--
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list.
