Re: [Pdns-users] Different RRSIG's on master and slaves

Tue, 24 Sep 2013 04:26:36 -0700

Just a wild guess: Maybe the Master did a key roll over, but the serial was not increased. So, the slaves do not update and retransfer the zone. You could try increasing the serial manually. Then the slaves should update to the master. 

See also SOA-EDIT at http://doc.powerdns.com/html/domainmetadata.html

regards
Klaus

On 24.09.2013 10:38, mvdgeijn wrote:

Hi,

I'm having trouble locating the problem why for one of our domains the RRSIG
record is different on the master and on the slaves (on the 2 slaves they
are identical). All DNS servers are PowerDNS servers running version 3.3
with MySQL backend. Transfers are done using AXFR.

Using dig +dnssec SOA:

MASTER:
concepthouse.nl.        3600    IN      RRSIG   SOA 8 2 3600 20131003000000
20130912000000 37080 concepthouse.nl.
nbB9I23pT6eTpPrJi12J6lW6R3CvYhjD0tZgR0k5K3ZARsFc+rBULYwF
9yIYyMhQWHMcWFhBI8khi8U96DT8cMu884Mp/3n5N8Ey3bm5BLVDipEJ
NErDp/1jE8JLdGOLvqIP5+3aBGCD8EhJ108OTykk0R/rEmXBCXNBP5O0 sEA=
concepthouse.nl.        3600    IN      SOA     ns1.bhosted.nl.
hostmaster.bhosted.nl. 2013092403 10800 3600 302400 3600

SLAVE 1:
concepthouse.nl.        3600    IN      RRSIG   SOA 8 2 3600 20131003000000
20130912000000 14754 concepthouse.nl.
hnVskWJ8HvqVj77fevulu4OprL6Yq9A7JD405gspWvlhcf4dsm/Jgmwv
fZyoHFA8Z04LmMNyfUNfXXRGd0ZufGONKU/5qSd2mTeAmapGE1ompyyP
u5JAcaF1EYumjkwBML75mD+bBfAhJm8Z6fD0fjcvIXoMemzb3qVAMysZ iMU=
concepthouse.nl.        3600    IN      SOA     ns1.bhosted.nl.
hostmaster.bhosted.nl. 2013092402 10800 3600 302400 3600

SLAVE 2:
concepthouse.nl.        3600    IN      SOA     ns1.bhosted.nl.
hostmaster.bhosted.nl. 2013092402 10800 3600 302400 3600
concepthouse.nl.        3600    IN      RRSIG   SOA 8 2 3600 20131003000000
20130912000000 14754 concepthouse.nl.
hnVskWJ8HvqVj77fevulu4OprL6Yq9A7JD405gspWvlhcf4dsm/Jgmwv
fZyoHFA8Z04LmMNyfUNfXXRGd0ZufGONKU/5qSd2mTeAmapGE1ompyyP
u5JAcaF1EYumjkwBML75mD+bBfAhJm8Z6fD0fjcvIXoMemzb3qVAMysZ iMU=

As you can see the serials are the same, but the DNSkey number is different.
How do I fix this? Disable DNSsec for this domain (and removing all
DNSkeys), and after that enable it again? Or is there another way?

Kind regards,

Marc van de Geijn



--
View this message in context: 
http://powerdns.13854.n7.nabble.com/Different-RRSIG-s-on-master-and-slaves-tp10349.html
Sent from the PowerDNS mailing list archive at Nabble.com.

_______________________________________________
Pdns-users mailing list
[email protected]
http://mailman.powerdns.com/mailman/listinfo/pdns-users



_______________________________________________
Pdns-users mailing list
[email protected]
http://mailman.powerdns.com/mailman/listinfo/pdns-users

Reply via email to