Re: How to update zone with dnssec-policy (error with nsupdate: RRset exists)

2023-10-24 Thread Matthijs Mekking
Hi, Disabling inline-signing is a good workaround. The issue is that BIND with inline-signing maintains a signed file separately and needs to bump the SOA SERIAL. The serial queried is for the DNSSEC signed zone, but the dynamic update is done against the unsigned version of the zone. Hence

Re: How to update zone with dnssec-policy (error with nsupdate: RRset exists)

2023-10-24 Thread Matthias Fechner
On 08.07.2023 at 08:48, Matthias Fechner wrote: If I try now to update some records remotely on the server I see in the log of the server: ==> /var/named/var/log/named.log <== 08-Jul-2023 07:40:22.962 update-security: info: client @0x848ac0760 93.182.104.69#18475/key

Re: How to update zone with dnssec-policy (error with nsupdate: RRset exists)

2023-07-07 Thread Matthias Fechner
On 05.07.2023 at 13:13, Matthias Fechner wrote: So far, nsdiff generates expected output, next step is now to apply the changes in an automated way. If I try now to update some records remotely on the server I see in the log of the server: ==> /var/named/var/log/named.log <== 08-Jul-2023

Re: How to update zone with dnssec-policy

2023-07-05 Thread Matthias Fechner
Hi Nick, On 04.07.2023 at 08:17, Nick Tait via bind-users wrote: It looks like nobody solved your /original/ problem? If you are still looking for an answer it might help if you posted some logs? The people on this list are good at interpreting any errors you're seeing. :-) thanks a lot for

Re: How to update zone with dnssec-policy

2023-07-05 Thread Matthias Fechner
On 04.07.2023 at 10:16, Matthew Seaman wrote: By default, the primary server will end up with a `fetchner.net` zone data file in text format which contains pretty much the same RRs as your master copy in git, but reformatted into a standard style, sorted into order and with comments

Re: How to update zone with dnssec-policy

2023-07-04 Thread Matthew Seaman
On 03/07/2023 19:36, Matthias Fechner wrote: What I understood from the documentation: *-s* /server/[#/port/] I can maintain e.g. my zones from my local computer at home inside a git repository and use nsdiff and nspatch to push the changes to the server in the internet? Correct. Does the

RE: How to update zone with dnssec-policy

2023-07-03 Thread Nick Tait via bind-users
Hi Matthias. It looks like nobody solved your /original/ problem? If you are still looking for an answer it might help if you posted some logs? The people on this list are good at interpreting any errors you're seeing. :-) Nick. Original message From: Matthias Fechner Date:

Re: How to update zone with dnssec-policy

2023-07-03 Thread Matthias Fechner
On 02.07.2023 at 16:41, Matthew Seaman wrote: Personally, I maintain zone files with DNSSEC signing on FreeBSD using the dns/p5-DNS-nsdiff port, which is a perl module written by Tony Finch -- someone well known on this list. You can keep your zone files in git or whatever code repository

Re: How to update zone with dnssec-policy

2023-07-02 Thread Matthew Seaman
On 02/07/2023 12:27, Matthias Fechner wrote: I have the following problem that changes in a zone file do not get active, no matter if I reload the zone using rndc or restarting bind 9.16.42 on FreeBSD. If I update a zone I edit the zone file, adapt the serial in the SOA and normally do a rndc