Re: BIND - in loop rewrite zone serial no.

Le 28/01/2020 à 10:14, Milan Jeskynka Kazatel a écrit : > > Hello, > > my previous email with the same subject still waiting for moderator > approval, because email is too big. > Then I have to ask with a shorter part of the log. > > I´m facing with a suspicious behavior of my authoritative DNS

BIND - in loop rewrite zone serial no.

Hello, my previous email with the same subject still waiting for moderator approval, because email is too big. Then I have to ask with a shorter part of the log. I´m facing with a suspicious behavior of my authoritative DNS BIND 9.11.4-P2

Re: BIND - in loop rewrite zone serial no.

Le 28/01/2020 à 16:49, Milan Jeskynka Kazatel a écrit : > Hello Tony, > > thank you for the response, > > If I correctly understand, Bind should have an option to specify how > many records could be signed at the same time. Then in the zone with > 250 records it should be 3 times in the row - as

Re: BIND - in loop rewrite zone serial no.

Hello Tony,  thank you for the response, If I correctly understand, Bind should have an option to specify how many records could be signed at the same time. Then in the zone with 250 records it should be 3 times in the row - as you mentioned: "53 records at a time" if it could be the

Re: BIND - in loop rewrite zone serial no.

Milan Jeskynka Kazatel wrote: > > Why does Bind keep resign zone in a loop over and over in a few minutes? It only signs a few records at a time to avoid eating all your CPU (my server seems to average 53 records at a time, coincidentally). It spreads out re-signing according to the

VS: VL: DNSSEC zones not updated

Also, now I *can* make changes to zone data, and rndc reload updates also the signed zone data like before. Could it be that handling/format of the signed files were changed somehow between versions, and new 9.14.9 could not properly handle the 9.14.6/7 created signed files..? Just wondering,

Re: BIND - in loop rewrite zone serial no.

s://lists.isc.org/pipermail/bind-users/attachments/20200128/384ad 214/attachment-0001.htm> -- Message: 2 Date: Tue, 28 Jan 2020 09:17:54 + From: FUSTE Emmanuel To: "bind-users@lists.isc.org" Subject: Re: BIND - in loop rewrite zone serial no. Message-ID:

Re: VL: DNSSEC zones not updated

Same here See also https://serverfault.com/questions/897894/bind-is-not-resigning-dnssec-zone-after-zone-update-and-service-restart Ale On Thu 23/Jan/2020 09:57:02 +0100 Jukka Pakkanen wrote: > Yes, that worked. Also had to delete the .jnl, to prevent the "not exact" > error.. > > Jukka > >

Re: BIND - in loop rewrite zone serial no.

eys Could you please help me with troubleshooting? Best regards,? -- Smil Milan Jesky?ka Kazatel -- next part -- An HTML attachment was scrubbed... URL: <https://lists.isc.org/pipermail/bind-users/attachments/20200128/384ad 214/attachment-0001.htm> ---

Re: BIND - in loop rewrite zone serial no.

Milan Jeskynka Kazatel wrote: > > Then how to achieve to resign the whole zone in one step? Which config > option should be affected? I don't believe that is possible with automatic signing. You can do it yourself with `dnssec-signzone` but that's fiddly and error-prone. Tony. --