Hi Sander,

I'm a recent ZKT-convert after being disappointed by dnssec-tools too
much. ZKT seems to work like a charm so far. I run a 'resign all
zones'-cronjob on a weekly basis and this morning i found some error
output from it, which raises questions.

The cronjob runs '/usr/bin/zkt-signer -v -v'.
Without "-r"?  Then you have to reload the zones manually, right?
And if you have problems with the serial number increment then be aware of that your zones are not reloaded potentionally are not reloaded at your slave servers.

On this pastebin https://8n1.org/9068/7c46 is relevant output from the
cronjob and my logs. The zone.db's for the zones that zkt could not
increment the serial for are perfectly fine, re-editing these zones
poses no problems at all..
Could you please post the first, let's say 10 lines of your zone.db file (at least up to and including the SOA record)?

To let ZKT increment the serial number in the SOA record, it needs a special formated SOA record with enough space for the serial number to rewrite it.

Are you using the newest version of ZKT which is 1.1.2? There was a bug in the inc_soa_serial function of earlier releases.

Best regards

Attachment: smime.p7s
Description: S/MIME Kryptografische Unterschrift

Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
Get 100% visibility into your production application - at no cost.
Code-level diagnostics for performance bottlenecks with <2% overhead
Download for free and get started troubleshooting in minutes.
zkt-users mailing list

Reply via email to