How to reset the serial number?
Hello all,

I accidentally changed the serial number to one bigger than 32 bits and now I'm trying to reset the serial number. Following the manual of Bind9 I tried to add 2147483647 (2^31-1) to the number and reload the server, but my slave is not updating to the new zone serial number.

Here is what I'm doing:

    # dig @10.0.1.24 saturno.br SOA
    ...
    ;; ANSWER SECTION:
    example.br. 86400 IN SOA ns1.example.br. hostmaster.example.br. *2694341036* 7200 3600 604800 86400
    ...

2694341036 + 2147483647 = 4841824683

I put this number as serial, but it did not work. I also saw that when the number is over 4,294,967,295 I have to subtract 4,294,967,296. So 4841824683 - 4294967296 = 546857387. It did not work either.

Does anybody know what I'm doing wrong? I'm using Bind 9.7.3.

Best regards,
-
Carlos Eduardo Ribas

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: How to reset the serial number?
On Mar 26, 2012, at 11:30 AM, Carlos Ribas wrote:
> I accidentally changed the serial number to one bigger than 32 bits and now I'm trying to reset the serial number. Following the manual of Bind9 I tried to add 2147483647 (2^31-1) to the number and reload the server, but my slave is not updating to the new zone serial number.

Shut down the slave server(s). Use scp or rsync to copy over the zone file, one with a corrected serial #. Restart the slave server(s).

[ Is BIND putting SOA serial #'s into a signed int? ]

Regards,
--
-Chuck
Re: How to reset the serial number?
Hello,

I was doing some tests with DNSSEC in that zone. I used one day of signature lifetime, now it is expired. All this happened when I was trying to regenerate the signature.

In fact, the problem is that my master did not see the serial change. If I run dig using the master I still got the old serial number, even after restarting bind.

Should I have to disable DNSSEC?

Regards,
-
Carlos Eduardo Ribas

2012/3/26 Chuck Swiger cswi...@mac.com
> On Mar 26, 2012, at 11:30 AM, Carlos Ribas wrote:
>> I accidentally changed the serial number to one bigger than 32 bits and now I'm trying to reset the serial number. Following the manual of Bind9 I tried to add 2147483647 (2^31-1) to the number and reload the server, but my slave is not updating to the new zone serial number.
>
> Shut down the slave server(s). Use scp or rsync to copy over the zone file, one with a corrected serial #. Restart the slave server(s).
>
> [ Is BIND putting SOA serial #'s into a signed int? ]
>
> Regards,
> --
> -Chuck
Re: How to reset the serial number?
Did it reject the zone when you used a too-large serial number? If so then that explains why digging against the master doesn't show an updated serial.

On Mar 26, 2012, at 11:53 AM, Carlos Ribas wrote:
> Hello,
>
> I was doing some tests with DNSSEC in that zone. I used one day of signature lifetime, now it is expired. All this happened when I was trying to regenerate the signature.
>
> In fact, the problem is that my master did not see the serial change. If I run dig using the master I still got the old serial number, even after restarting bind.
>
> Should I have to disable DNSSEC?
>
> Regards,
> -
> Carlos Eduardo Ribas
>
> 2012/3/26 Chuck Swiger cswi...@mac.com
>> On Mar 26, 2012, at 11:30 AM, Carlos Ribas wrote:
>>> I accidentally changed the serial number to one bigger than 32 bits and now I'm trying to reset the serial number. Following the manual of Bind9 I tried to add 2147483647 (2^31-1) to the number and reload the server, but my slave is not updating to the new zone serial number.
>>
>> Shut down the slave server(s). Use scp or rsync to copy over the zone file, one with a corrected serial #. Restart the slave server(s).
>>
>> [ Is BIND putting SOA serial #'s into a signed int? ]
>>
>> Regards,
>> --
>> -Chuck
Bind 9.6-ESV-R5 errors
Hello

I get several errors whenever I run rndc reload that look like this:

    named[9178]: 27-Mar-2012 05:56:00.798 general: error: zone 0.IN-ADDR.ARPA/IN/view_internal_dns: zone serial unchanged. zone may fail to transfer to slaves.
    named[9178]: 27-Mar-2012 05:56:00.798 general: error: zone 127.IN-ADDR.ARPA/IN/view_internal_dns: zone serial unchanged. zone may fail to transfer to slaves.
    named[9178]: 27-Mar-2012 05:56:00.798 general: error: zone 254.169.IN-ADDR.ARPA/IN/view_internal_dns: zone serial unchanged. zone may fail to transfer to slaves.

etc etc.

This occurs with a very simple stripped down named.conf file:

--start--
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; };
};
logging {
    channel logfile {
        syslog daemon;
        severity error;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    category default { logfile; };
    category config { logfile; };
    category notify { logfile; };
};
acl internal_addr { 10.0.0.0/8; };
options {
    listen-on port 53 { 127.0.0.1; internal_addr; };
    listen-on-v6 port 53 { ::1; };
    recursion no;
    directory /config/namedb;
};
view view_internal_dns {
    match-clients { internal_addr; };
    recursion yes;
};
view view_externall_dns {
    match-clients { any; };
    recursion yes;
};
--end--

Upgrading bind is not currently an option. Is there a way to stop these errors?

--
Jack Tavares
Re: Bind 9.6-ESV-R5 errors
In message 6134bb3286a31d4db61e57114e8ba7c0609bf...@seaembx01.olympus.f5net.com, Jack Tavares writes:
> Hello
>
> I get several errors whenever I run rndc reload that look like this:
>
> named[9178]: 27-Mar-2012 05:56:00.798 general: error: zone 0.IN-ADDR.ARPA/IN/view_internal_dns: zone serial unchanged. zone may fail to transfer to slaves.
> named[9178]: 27-Mar-2012 05:56:00.798 general: error: zone 127.IN-ADDR.ARPA/IN/view_internal_dns: zone serial unchanged. zone may fail to transfer to slaves.
> named[9178]: 27-Mar-2012 05:56:00.798 general: error: zone 254.169.IN-ADDR.ARPA/IN/view_internal_dns: zone serial unchanged. zone may fail to transfer to slaves.
>
> etc etc.

Ignore them. They are from the built in empty zones. They are fixed in the next maintenance release.

Mark

> This occurs with a very simple stripped down named.conf file:
>
> --start--
> controls {
>     inet 127.0.0.1 port 953 allow { 127.0.0.1; };
> };
> logging {
>     channel logfile {
>         syslog daemon;
>         severity error;
>         print-category yes;
>         print-severity yes;
>         print-time yes;
>     };
>     category default { logfile; };
>     category config { logfile; };
>     category notify { logfile; };
> };
> acl internal_addr { 10.0.0.0/8; };
> options {
>     listen-on port 53 { 127.0.0.1; internal_addr; };
>     listen-on-v6 port 53 { ::1; };
>     recursion no;
>     directory /config/namedb;
> };
> view view_internal_dns {
>     match-clients { internal_addr; };
>     recursion yes;
> };
> view view_externall_dns {
>     match-clients { any; };
>     recursion yes;
> };
> --end--
>
> Upgrading bind is not currently an option. Is there a way to stop these errors?
>
> --
> Jack Tavares

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
RE: Bind 9.6-ESV-R5 errors
Mark:
> Ignore them. They are from the built in empty zones. They are fixed in the next maintenance release.

I notice that adding enable-empty-zones no; to the config stops these messages. Is there any downside to doing that?

Thank you
--
Jack
Re: masters ordering in named.conf
On Mar 23, 2012, at 10:54 AM, Eric Chandler wrote:
> I have a question with regards to ordering of masters in slave zones. In the example below, will the slave zone try these in order each and every time?
> [...]
> or does it choose at random?

Masters are tried in the order listed.

Regards,
Chris Buxton
BlueCat Networks
Re: How to reset the serial number?
On Mar 26, 2012, at 11:30 AM, Carlos Ribas wrote:
> Hello all,
>
> I accidentally changed the serial number to one bigger than 32 bits and now I'm trying to reset the serial number. Following the manual of Bind9 I tried to add 2147483647 (2^31-1) to the number and reload the server, but my slave is not updating to the new zone serial number.
>
> Here is what I'm doing:
>
> # dig @10.0.1.24 saturno.br SOA
> ...
> ;; ANSWER SECTION:
> example.br. 86400 IN SOA ns1.example.br. hostmaster.example.br. 2694341036 7200 3600 604800 86400
> ...
>
> 2694341036 + 2147483647 = 4841824683
>
> I put this number as serial, but it did not work. I also saw that when the number is over 4,294,967,295 I have to subtract 4,294,967,296. So 4841824683 - 4294967296 = 546857387. It did not work either.
>
> Does anybody know what I'm doing wrong? I'm using Bind 9.7.3.

You cannot reload a dynamic zone. Could that be the problem?

A serial number higher than 2^32 will not load. Instead of adding 2^31 - 1, subtract 2^31 + 1. Or try adding 2^30 (or subtracting 3 * 2^30). Make sure to reload the zone after each change, or if your zone is dynamic, use a dynamic update that adds the SOA record again and sets the new serial number.

Regards,
Chris Buxton
BlueCat Networks
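The serial arithmetic discussed in this thread, as an added example that is not part of any list member's message: a Python sketch of RFC 1982 comparison for 32-bit SOA serials that plans the intermediate serials needed to move a zone from its current serial to a lower target. The function names and the target serial 2012032601 are assumptions made for the illustration; 2694341036 is the serial from the dig output above.

```python
# Added example: RFC 1982 serial number arithmetic for 32-bit SOA serials.
# Function names and the target serial are illustrative assumptions.
SERIAL_BITS = 32
MOD = 1 << SERIAL_BITS              # 4,294,967,296
HALF = 1 << (SERIAL_BITS - 1)       # 2,147,483,648
MAX_INCREMENT = HALF - 1            # 2,147,483,647, largest defined addition


def check_serial(serial):
    """Reject values that do not fit in the 32-bit SOA serial field."""
    if not 0 <= serial < MOD:
        raise ValueError(f"serial {serial} does not fit in 32 bits")
    return serial


def serial_add(serial, n):
    """RFC 1982 addition: wraps modulo 2^32, n limited to 2^31 - 1."""
    if not 0 <= n <= MAX_INCREMENT:
        raise ValueError("increment must be between 0 and 2^31 - 1")
    return (check_serial(serial) + n) % MOD


def serial_gt(a, b):
    """True if a secondary holding serial b treats serial a as newer."""
    return (a < b and b - a > HALF) or (a > b and a - b < HALF)


def plan_reset(current, target):
    """Serials to publish in order; each must reach every secondary
    before the next one is loaded on the primary."""
    check_serial(current)
    check_serial(target)
    steps = []
    while current != target:
        if serial_gt(target, current):
            current = target          # target now counts as an increase
        else:
            current = serial_add(current, MAX_INCREMENT)
        steps.append(current)
    return steps


if __name__ == "__main__":
    # 2694341036 is the serial from the dig output in the thread;
    # 2012032601 is a constructed date-style target.
    print(plan_reset(2694341036, 2012032601))
```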
Re: Bind 9.6-ESV-R5 errors
In message 6134bb3286a31d4db61e57114e8ba7c0609bf...@seaembx01.olympus.f5net.com, Jack Tavares writes:
> Mark:
>> Ignore them. They are from the built in empty zones. They are fixed in the next maintenance release.
>
> I notice that adding enable-empty-zones no; to the config stops these messages. Is there any downside to doing that?

The zones are from RFC 6303, Locally Served DNS Zones. Their purpose is to stop reverse queries for local addresses leaving the site. Removing them shouldn't hurt but it does increase traffic on the public servers and will increase response time.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org