I've compared the master and first slave DNS server, and I noticed a few differences. The first difference is the configuration on line 2. The master: 1 0 1 ab and the slave: 1 1 1 ab. What does the second number stand for? I can't find it in the documentation. Is this causing the difference between the master and slave dns servers?
Also all key id's are different. What I've done now is remove all database records related to the domain from the records, domainmetadata and cryptokeys tables. After that I updated the serial, and now the information on the slave is identical to the information on the master. The other slave (on which I did not remove any records) is still different. Regards, Marc MASTER: # pdnssec show-zone concepthouse.nl Zone is not presigned Zone has hashed NSEC3 semantics, configuration: 1 0 1 ab keys: ID = 52088 (KSK), tag = 18209, algo = 8, bits = 2048 Active: 1 ( RSASHA256 ) KSK DNSKEY = concepthouse.nl IN DNSKEY 257 3 8 AwEAAaXVoNLlXDXPJC8Hs1+IQmhcaZ+66Ktqrm3lRROCG4EQUjfqAKIY7h60mEdFRt30NGYNEEvm4ozA4l72zMWAfkV+3JB9sRsstzsamg/4KTIIsHxldF4NlAPekAYZFy2yHzauEpFDMg3cMxw4LELmw8Tr+imW4dXReBRCaW+8KeW31PIlgu5gWhZp8CuSCRtcRs1h59T5PvKbeMX6X1k061vXFgbn1fHTcVnAsKXfrKKBw3cyFPTd4RJbfPdxgfqAlautYG3lI5ud4dajSxWQcJn8ews48Yd/pMI3Ha9hZbSL82WnWlWmhxmbKl9PpcIcgXm3sso1DPy+5NmFI0mCUNM= ; ( RSASHA256 ) DS = concepthouse.nl IN DS 18209 8 1 249d09d91fa7c0202112c59e63b35b2003226a4e ; ( SHA1 digest ) DS = concepthouse.nl IN DS 18209 8 2 665f864ef2884edb055d611d6f3ff4ac50505fec553d1dfed12c105219facfde ; ( SHA256 digest ) ID = 52089 (ZSK), tag = 37080, algo = 8, bits = 1024 Active: 1 ( RSASHA256 ) SLAVE: # pdnssec show-zone concepthouse.nl Zone is not presigned Zone has hashed NSEC3 semantics, configuration: 1 1 1 ab keys: ID = 859 (KSK), tag = 10691, algo = 8, bits = 2048 Active: 1 ( RSASHA256 ) KSK DNSKEY = concepthouse.nl IN DNSKEY 257 3 8 AwEAAeU6V/bRYKX6uDV/w/uVOH6DRIhnq+SN/tOtBkEJgTAK3h7PJHJm1/vBfsZ44lFm3S4OOVy9WoKrly/HtYhNOCVa3wTInyU2Ix1ITxq7cK3Ybsx8X/kyCaQknqZ0D/iHFWpxPQzQbxZm+5IHNxeC5ljeM7TTbmsrRkVmRQCxVgniskmSc1MpnymDOG12zO4wg/Ju+nrMiMMCwQ83ccHWAlZEq9Fo3zP7Q2FRnC+L6a89tLuX6BZ4eIMLl3epdI7Eq/NcCZAb1EqZd/hfZCEbeU7YDmjV55il7ePGgXqvRoPOQfbGIHF34vxWzNFk7MPu6IxUqLrdBbOXp57mQ3CjPU0= ; ( RSASHA256 ) DS = concepthouse.nl IN DS 10691 8 1 f8b1f8410f758b1f99fdd2eb00384ef95a8edb74 ; ( SHA1 digest ) DS = concepthouse.nl IN DS 10691 8 2 0964ffe5fce2542904f682c65d9971c360f562054d18b0776155bb6b0bd268b7 ; ( SHA256 digest ) ID = 860 (ZSK), tag = 14754, algo = 8, bits = 1024 Active: 1 ( RSASHA256 ) ID = 861 (ZSK), tag = 58798, algo = 8, bits = 1024 Active: 0 ( RSASHA256 ) -- View this message in context: http://powerdns.13854.n7.nabble.com/Different-RRSIG-s-on-master-and-slaves-tp10349p10356.html Sent from the PowerDNS mailing list archive at Nabble.com. _______________________________________________ Pdns-users mailing list [email protected] http://mailman.powerdns.com/mailman/listinfo/pdns-users
