Hi Sander,
I'm a recent ZKT-convert after being disappointed by dnssec-tools too much. ZKT seems to work like a charm so far. I run a 'resign all zones'-cronjob on a weekly basis and this morning i found some error output from it, which raises questions.The cronjob runs '/usr/bin/zkt-signer -v -v'.
Without "-r"? Then you have to reload the zones manually, right?And if you have problems with the serial number increment then be aware of that your zones are not reloaded potentionally are not reloaded at your slave servers.
Could you please post the first, let's say 10 lines of your zone.db file (at least up to and including the SOA record)?On this pastebin https://8n1.org/9068/7c46 is relevant output from the cronjob and my logs. The zone.db's for the zones that zkt could not increment the serial for are perfectly fine, re-editing these zones poses no problems at all..
To let ZKT increment the serial number in the SOA record, it needs a special formated SOA record with enough space for the serial number to rewrite it.
Are you using the newest version of ZKT which is 1.1.2? There was a bug in the inc_soa_serial function of earlier releases.
Best regards Holger
smime.p7s
Description: S/MIME Kryptografische Unterschrift
------------------------------------------------------------------------------ Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET Get 100% visibility into your production application - at no cost. Code-level diagnostics for performance bottlenecks with <2% overhead Download for free and get started troubleshooting in minutes. http://p.sf.net/sfu/appdyn_d2d_ap1
_______________________________________________ zkt-users mailing list zkt-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/zkt-users