Hi Daniel,


"zonefile-load: difference-no-serial" was risky in the past when "journal-content: all" wasn't required for that. Nowadays we aren't aware of any issues with this setup.

That's good to know. We'll stick with difference-no-serial and journal-content: all.



We're seeing this in our logs:
Jan 20 09:32:06 ht-signer01 knot[49715]: info: [pp.is.] zone file parsed, serial corrected 1970010100 -> 2022012000
Jan 20 09:32:06 ht-signer01 knot[49715]: info: [pp.is.] loaded, serial 2022011900 -> 2022012000 -> 2022011900, 3830 bytes

This log line is correct. It means that there is no change in the zone so it 
doesn't make sense to increase the serial only.


Ok, now I understand.

One question regarding the serial: Is it possible to set or increase the serial (when using difference-no-serial) in some other way than simply changing the zone and reloading?

We're using serial-policy: dateserial, and we're running two signers, one active and one backup. The hidden primaries get updates from the active signer. If we need to change from the active to the backup, the serial will probably be out-of-sync and possibly some way off. If the backup signer has a lower serial than what the prior active signer had, then we'll need to fix it so the primaries start to accept updates from it.

I think the best way would be to change to serial-policy: unixtime, that way every zone update is certain to increase the serial, but this will require working with 3rd parties providing secondaries, to force the first update after switching to unixtime.

I'd be interested to know if there was some way to do something like `knotc zone-set-serial pp.is 2022012110` to force a new serial?
(I've combed through the knotc man page, I know it's not there....)

.einar
--
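
An added example (not part of the original message and not Knot DNS code) of the check the failover scenario above calls for: whether a server holding one SOA serial would treat another as newer under RFC 1982 serial arithmetic. The serials 2022011900 and 2022012000 come from the log lines above; the function names and the timestamp used for the unixtime serial are assumptions made for illustration.

```python
# Added example: RFC 1982 serial number arithmetic for 32-bit SOA serials.
from datetime import datetime, timezone

SERIAL_BITS = 32
MOD = 1 << SERIAL_BITS          # serials wrap at 2^32
HALF = 1 << (SERIAL_BITS - 1)   # differences of 2^31 or more count as "older"


def serial_compare(s1: int, s2: int) -> int:
    """Return -1, 0 or 1 for s1 <, ==, > s2 under RFC 1982."""
    if s1 == s2:
        return 0
    diff = (s2 - s1) % MOD
    if diff == HALF:
        raise ValueError("comparison undefined: serials are exactly 2^31 apart")
    return -1 if diff < HALF else 1


def secondary_would_transfer(current: int, offered: int) -> bool:
    """A server pulls the zone only if the offered serial is newer than its own."""
    return serial_compare(current, offered) < 0


def dateserial(day: datetime, revision: int = 0) -> int:
    """YYYYMMDDnn, the serial format seen in the log lines above."""
    return int(day.strftime("%Y%m%d")) * 100 + revision


def unixtime_serial(moment: datetime) -> int:
    """Seconds since the epoch, reduced to the 32-bit serial space."""
    return int(moment.timestamp()) % MOD


if __name__ == "__main__":
    # Constructed scenario: the old active signer published 2022012000,
    # the backup signer is still at 2022011900.
    active, backup = 2022012000, 2022011900
    print("backup dateserial accepted:", secondary_would_transfer(active, backup))

    # Constructed timestamp (taken from the log line's date) for a first
    # serial generated after switching to a unixtime-based policy.
    when = datetime(2022, 1, 20, 9, 32, 6, tzinfo=timezone.utc)
    unix = unixtime_serial(when)
    print("unixtime serial", unix, "accepted:", secondary_would_transfer(active, unix))
```

Both checks print False: the backup's dateserial is behind, and a current unixtime value is numerically below a current dateserial, so neither is seen as newer without intervention on the receiving servers.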
