Re: DNSSEC zones not updated

2020-01-22 Thread Mark Andrews
On the master, stop the server, remove the signed zones and restart. The server will regenerate the signed zones and the slaves will answer in the meantime. I’ve opened a ticket to add a code path to address the reported error automatically.
Mark
> On 23 Jan 2020, at 10:21, Jukka Pakkanen wrote

Re: DNSSEC zones not updated

2020-01-22 Thread Jukka Pakkanen
Unfortunately here a reload or a restart does not fix it. And the problem of course is critical... no zone updates are working. So if no reason and fix is quickly found, need to step back and remove DNSSEC altogether.

RE: DNSSEC zones not updated

2020-01-22 Thread Browne, Stuart via bind-users
Sadly, no ideas other than a shared experience. It's not just the Windows release nor is it just the 9.14 series of releases; we've been witnessing this since the 9.10 releases on Linux (whilst using inline-signing). I don't recall off the top of my head if we saw it in the 9.9 series; even for

VS: DNSSEC zones not updated

2020-01-22 Thread Jukka Pakkanen
Anyone, any ideas?
From: bind-users On Behalf Of Jukka Pakkanen
Sent: 22 January 2020 13:30
To: bind-us...@isc.org
Subject: Re: DNSSEC zones not updated
And we also get after a change and a reload the "secure_serial: not exact" error, of course because the signed zone is not

Re: securing bind in todays hostile environment

2020-01-22 Thread Tony Finch
Grant Taylor via bind-users wrote:
> On 1/20/20 9:06 AM, N. Max Pierson wrote:
>
> > I was not aware there was anything built in that would let you
> > add/remove/change the zone itself from the master.
>
> Yes, Catalog Zones. I think it's only a few years old.
Catalog zones are for automatic co

Re: DNSSEC zones not updated

2020-01-22 Thread Jukka Pakkanen
And we also get after a change and a reload the "secure_serial: not exact" error, of course because the signed zone is not in sync with the non-signed anymore. So I guess the question is why it is not signing automatically after updates to zone.

Re: DNSSEC zones not updated

2020-01-22 Thread Andreas S. Kerber
On Wed, Jan 22, 2020 at 11:11:05AM +, Jukka Pakkanen wrote:
> zone "gemtrade.fi" {
>     type master;
>     file "named.gemtrade";
>     inline-signing yes;
>     auto-dnssec maintain;
> };
>
> $TTL 60
> @ IN SOA ns1.qnet.fi. helpdesk.qnet.fi. (
> 202001234 ; serial nu

Re: DNSSEC zones not updated

2020-01-22 Thread Jukka Pakkanen
Yes, we have quite several times by now when trying to find the culprit. Also the whole Windows 2019 server. And it is not only this domain/zone, but all of them.
From: Ondřej Surý
Sent: Wednesday, January 22, 2020

Re: DNSSEC zones not updated

2020-01-22 Thread Ondřej Surý
Hi, did you try stopping BIND, removing journal files and then starting BIND again? If the signed copy of the zone got corrupted in the memory, you might be dumping the corrupted version on disk again with `rndc reload`.
Ondrej
--
Ondřej Surý
ond...@isc.org
> On 22 Jan 2020, at 12:11, Jukka Pa

Re: DNSSEC zones not updated

2020-01-22 Thread Jukka Pakkanen
Both, and notifies/ixfr:s work fine. After updating the zone, the log shows the records are updated in the slaves. Feel free to query the servers...
From: Sten Carlsen
Sent: Wednesday, January 22, 2020, 12:56
To: J

Re: DNSSEC zones not updated

2020-01-22 Thread Sten Carlsen
Just a basic question, are you querying the master or a slave? If a slave, it could be the notify/transfer.
Thanks
Sten
> On 22 Jan 2020, at 12.11, Jukka Pakkanen wrote:
>
> Running BIND 9.14.9 Windows. The zone data is not updated for some reason
> anymore, and same problem in all our

DNSSEC zones not updated

2020-01-22 Thread Jukka Pakkanen
Running BIND 9.14.9 Windows. The zone data is not updated for some reason anymore, and same problem in all our signed zones. Example "gemtrade.fi":
zone "gemtrade.fi" {
    type master;
    file "named.gemtrade";
    inline-signing yes;
    auto-dnssec maintain;
};
;
;File: named.gem

OpenSSL PKCS#11 Support in BIND via engine_pkcs11

2020-01-22 Thread Ondřej Surý
Dear bind-users, I wrote a wiki page describing how to integrate stock BIND 9 with PKCS#11 HSMs using OpenSSL PKCS#11 engine (from OpenSC project): https://gitlab.isc.org/isc-projects/bind9/-/wikis/BIND-9-PKCS11 If you ever worked with HSM (and even better with BIND 9 and HSMs), I would apprecia