Quoting Holger Zuleger (holger.zule...@hznet.de):

> >The cronjob runs '/usr/bin/zkt-signer -v -v'.
> Without "-r"?  Then you have to reload the zones manually, right?

Yep. That's deliberate. ;)

For completeness sake, this is my 'dnssec' script, the cronjob calls this
with 'resign all' as params: https://8n1.org/9072/3596

I can also call it with 'dnssec edit freshdot.net' to edit and resign
just that zone. Works like charm, really.

> And if you have problems with the serial number increment then be
> aware of that your zones are not reloaded potentionally are not
> reloaded at your slave servers.

Well, i never had any problems so far. I switched to ZKT on the 15th of
April this year so the 'resign all' cronjob ran for a couple of weeks
without issues. If needed i might still have those mails with output
from those runs... ;)

I read about the specific format of the SOA serial, my zones were
already formatted 'the right way', and ZKT never complained about it

> Could you please post the first, let's say 10 lines of your zone.db
> file (at least up to and including the SOA record)?

For the 'vm.freshdot.net' zone which gave an error, the zone looks
like https://8n1.org/9073/05fa now. The serial has always been like
that. ;)

> Are you using the newest version of ZKT which is 1.1.2?
> There was a bug in the inc_soa_serial function of earlier releases.

Oh, i failed to mention that.
Yes, this is ZKT 1.1.2.

Thanks for your time!
| Not one shred of evidence supports the notion that life is serious.
| 4096R/20CC6CD2 - 6D40 1A20 B9AA 87D4 84C7  FBD6 F3A9 9442 20CC 6CD2

Attachment: signature.asc
Description: Digital signature

Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
Get 100% visibility into your production application - at no cost.
Code-level diagnostics for performance bottlenecks with <2% overhead
Download for free and get started troubleshooting in minutes.
zkt-users mailing list

Reply via email to