RE: Inline Signing does not update SOA?

2012-05-08 Thread Bischof, Ralph F. (MSFC-IS40)[NICS]
> -Original Message-
> From: Mark Andrews [mailto:ma...@isc.org]
> Sent: Monday, May 07, 2012 4:54 PM
> To: Bischof, Ralph F. (MSFC-IS40)[NICS]
> Cc: bind-users@lists.isc.org
> Subject: Re: Inline Signing does not update SOA?
> 
> 
> "Bischof, Ralph F. (MSFC-IS40) [NICS]" writes:
> > Hi,
> >
> > I am testing with BIND 9.9.0 and inline signing. I have run upon
> > something that I cannot figure out. When I update the SOA record of
> > the master zone file, if I reload the zone with "rndc reload", the SOA
> > record is updated. If I perform a stop/start of the named executable,
> > the SOA change is not updated. I can even see in the log file where
> > the unsigned zone's serial number is incremented, yet the signed
> > version does not change. Below you can see where I started named,
> > stopped named, made a change in the SOA and incremented the serial
> > number, then started named. After that, I incremented the serial number
> > once more then performed an "rndc reload".
> 
> If you only changed the SOA serial then this is expected behaviour.
> The unsigned zone's serial is less than the signed zone's serial.
> Named works out what has changed in the unsigned zone apart from the
> serial and applies that to the signed zone.  That said I can see a bug where
> changes only to the SOA other than the serial will be ignored.

I did not explain myself well. I am making changes to other parameters in the 
SOA besides the serial number (MNAME, Email, Retry TTL, etc). It does appear as 
if the changes are being ignored. 
Per guidance of Evan Hunt, opened Bug #29271.

> Mark
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org

Thank you,
Ralph F. Bischof, Jr.
NASA Agency IPAM/DNS/DHCP
SAIC/NICS
256-544-3982



___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: Inline Signing does not update SOA?

2012-05-07 Thread Mark Andrews

"Bischof, Ralph F. (MSFC-IS40) [NICS]" writes:
> Hi,
>
> I am testing with BIND 9.9.0 and inline signing. I have run upon
> something that I cannot figure out. When I update the SOA record of
> the master zone file, if I reload the zone with "rndc reload", the SOA
> record is updated. If I perform a stop/start of the named executable,
> the SOA change is not updated. I can even see in the log file where
> the unsigned zone's serial number is incremented, yet the signed
> version does not change. Below you can see where I started named,
> stopped named, made a change in the SOA and incremented the serial
> number, then started named. After that, I incremented the serial number
> once more then performed an "rndc reload".

If you only changed the SOA serial then this is expected behaviour.
The unsigned zone's serial is less than the signed zone's serial.
Named works out what has changed in the unsigned zone apart from
the serial and applies that to the signed zone.  That said I can
see a bug where changes only to the SOA other than the serial will
be ignored.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
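
Added example, not part of the original thread and not ISC code: a check for the condition described in the message above, where the signed zone's serial is ahead of the unsigned zone's but other SOA fields have not been carried over. The function names and sample SOA values are assumptions made for illustration, and the RFC 1982 serial comparison goes slightly beyond what the message spells out.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample values constructed.
# Each argument is SOA RDATA on one line, as printed by `dig +short SOA`:
#   MNAME RNAME SERIAL REFRESH RETRY EXPIRE MINIMUM

# Print the names of the non-serial SOA fields that differ (empty if none).
# Exit status 2 means an argument did not have exactly seven fields.
soa_stale_fields() {
    printf '%s\n%s\n' "$1" "$2" | awk '
        BEGIN { split("MNAME RNAME SERIAL REFRESH RETRY EXPIRE MINIMUM", name, " ") }
        NF != 7 { bad = 1 }
        NR == 1 { for (i = 1; i <= 7; i++) u[i] = tolower($i) }
        NR == 2 { for (i = 1; i <= 7; i++)
                      if (i != 3 && tolower($i) != u[i])
                          out = out (out == "" ? "" : " ") name[i] }
        END { if (bad || NR != 2) exit 2; print out }'
}

# Return 0 when the signed serial is ahead of the unsigned serial under
# RFC 1982 serial arithmetic, 1 when it is not, 2 on malformed input.
signed_serial_ahead() {
    set -f; set -- $1 $2; set +f    # split both RDATA strings into 14 fields
    [ $# -eq 14 ] || return 2
    d=$(( (${10} - $3) & 4294967295 ))   # signed minus unsigned, modulo 2^32
    [ "$d" -gt 0 ] && [ "$d" -lt 2147483648 ]
}

# Constructed sample: the unsigned master file was edited (RNAME and RETRY),
# the signed zone still serves the old values with a higher serial.
UNSIGNED='ns1.example.test. hostmaster.example.test. 2012050702 3600 900 604800 3600'
SIGNED='ns1.example.test. admin.example.test. 2012050705 3600 600 604800 3600'

stale=$(soa_stale_fields "$UNSIGNED" "$SIGNED") || exit 2
if signed_serial_ahead "$UNSIGNED" "$SIGNED" && [ -n "$stale" ]; then
    echo "signed SOA differs from unsigned SOA in: $stale"
fi
```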


RE: Inline Signing does not update SOA?

2012-05-07 Thread Bischof, Ralph F. (MSFC-IS40)[NICS]
Hi Evan,

> -Original Message-
> From: Evan Hunt [mailto:e...@isc.org]
> Sent: Monday, May 07, 2012 12:44 PM
> To: Spain, Dr. Jeffry A.
> Cc: Bischof, Ralph F. (MSFC-IS40)[NICS]; bind-users@lists.isc.org
> Subject: Re: Inline Signing does not update SOA?
> 
> > Ralph: There was a lot of discussion about this issue on the bind
> > forum around the first of the year. My recollection is that with
> > inline-signing enabled, stopping named, editing the zone file, and
> > restarting named isn't a supported method of updating zone data.
> 
> That was unsupported in the first alpha release of the feature, but it should
> work now as long as the SOA serial is updated.

I am using the released version from ISC. 
I always update the serial number of the unsigned zone (as I show in the 
original message).
Is there something else that I may be doing wrong?

The reason this is important to me is that the application that we use for 
IPAM/DNS/DHCP utilizes BIND and performs a stop/start to load new versions of 
the zones.

Thank you,
Ralph F. Bischof, Jr.
NASA Agency IPAM/DNS/DHCP
SAIC/NICS
256-544-3982





Re: Inline Signing does not update SOA?

2012-05-07 Thread Evan Hunt
> Ralph: There was a lot of discussion about this issue on the bind forum
> around the first of the year. My recollection is that with inline-signing
> enabled, stopping named, editing the zone file, and restarting named
> isn't a supported method of updating zone data.

That was unsupported in the first alpha release of the feature, but
it should work now as long as the SOA serial is updated.

-- 
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.


Re: Inline Signing does not update SOA?

2012-05-07 Thread Kevin Oberman
On Mon, May 7, 2012 at 7:31 AM, Spain, Dr. Jeffry A. wrote:
>> When I update the SOA record of the master zone file, if I reload the zone 
>> with "rndc reload", the SOA record is updated. If I perform a stop/start of 
>> the named executable, the SOA change is not updated.
>
> Ralph: There was a lot of discussion about this issue on the bind forum 
> around the first of the year. My recollection is that with inline-signing 
> enabled, stopping named, editing the zone file, and restarting named isn't a 
> supported method of updating zone data. I am aware of two supported options: 
> 1) as you did above, edit the zone file and run 'rndc reload', 2) use 
> 'nsupdate'. Others will probably recall this in more detail and more 
> accurately. Regards, Jeff.

I believe that the "official" answer is that you need to use rndc to
freeze the zone, edit the zone file, and thaw the zone. You really
can't edit a zone that is subject to any operation that makes use of
journal files (dynamic updates, in-line signing) while the zone may be
changing during the edit.
-- 
R. Kevin Oberman, Network Engineer
E-mail: kob6...@gmail.com


RE: Inline Signing does not update SOA?

2012-05-07 Thread Spain, Dr. Jeffry A.
> When I update the SOA record of the master zone file, if I reload the zone 
> with "rndc reload", the SOA record is updated. If I perform a stop/start of 
> the named executable, the SOA change is not updated.

Ralph: There was a lot of discussion about this issue on the bind forum around 
the first of the year. My recollection is that with inline-signing enabled, 
stopping named, editing the zone file, and restarting named isn't a supported 
method of updating zone data. I am aware of two supported options: 1) as you 
did above, edit the zone file and run 'rndc reload', 2) use 'nsupdate'. Others 
will probably recall this in more detail and more accurately. Regards, Jeff.

Jeffry A. Spain
Network Administrator
Cincinnati Country Day School
