bind 9.9 & inline-signing issue..

Howard Leadmon howard at leadmon.net
Mon Jan 30 10:09:27 UTC 2012


 OK, got it, and I learned something new so figured I'd mention it. I have
been using two views in my bind setup for a while here, but I guess prior to
trying to work out the inline signing with 9.9, I had never attempted to
reload an individual zone. After firing up my google-fu for a couple on
the below problem, I realized with multiple views I have to specify them in
the reload.

 That said, instead of using 'rndc reload leadmon.org', I actually have to
use 'rndc reload leadmon.org IN external', or internal as the case may be to
separate the zone I am reloading.

 So Jan, thanks for the pointer to that, and doing the individual zone
reload does indeed cause bind 9.9rc1 to update the journal files, and then
the signed zone is updated and re-signed.  Though I do have to agree with
Doug that this is only partly done, as one would really think a 'rndc
reload' would get all zones, and even if that didn't, a complete restart of
named should for sure pick up the changes.  This doesn't appear to be the
case, as I tried both ways, and nothing would update my signed zone till I
did a reload on the specific zone, in a specific view.


---
Howard Leadmon 


> -----Original Message-----
> From: bind-users-bounces+howard=leadmon.net at lists.isc.org [mailto:bind-users-bounces+howard=leadmon.net at lists.isc.org] On Behalf Of Howard Leadmon
> Sent: Monday, January 30, 2012 4:14 AM
> To: 'Jan-Piet Mens'
> Cc: bind-users at lists.isc.org
> Subject: RE: bind 9.9 & inline-signing issue..
> 
>  OK, call me stupid, but I must be missing something here.    I just tried
> what you mentioned below, and this seems to blow up major on 9.9.0rc1.
> 
> If I try 'rndc reload' it looks happy command wise:
> 
> # rndc reload
> server reload successful
> 
> 
> Now if I try 'rndc reload leadmon.org' as this is my signed zone we have
> been discussing, I get this:
> 
> # rndc reload leadmon.org
> rndc: 'reload' failed: not found
> 
> 
>  So maybe I am missing something I should have done, and if so a cloo
> would be most appreciated..
> 
>  Oh and I agree with Doug, if nothing else a full reload should reload all
> zones.
> 
> 
> ---
> Howard Leadmon
> 
> > -----Original Message-----
> > From: Jan-Piet Mens [mailto:jpmens at gmail.com] On Behalf Of Jan-Piet
> > Mens
> > Sent: Monday, January 30, 2012 3:47 AM
> > To: Howard Leadmon
> > Cc: bind-users at lists.isc.org
> > Subject: Re: bind 9.9 & inline-signing issue..
> >
> > >  After setting up a zone with DNSSEC using inline-signing, I have
> > > run into the issue where if I do anything that updates the unsigned
> > > file that is input into BIND, that it never seems to update the
> > > signed data it generated.
> >
> > I've previously [1] received "the Gold Star" for suggesting ;-)
> >
> >         rndc reload <zonename>
> >
> > That works well here.
> >
> >         -JP
> >
> > [1]
> > https://lists.isc.org/pipermail/bind-users/2011-November/085739.html
> 



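The per-view reload described in this thread, as an added example that is not part of the original messages: a shell script that finds every view declaring a zone in a named.conf and prints the matching 'rndc reload <zone> IN <view>' command for each. The sample configuration is constructed, the function names are hypothetical, and the parser assumes each view and zone statement starts on its own line.

```shell
#!/bin/sh
# Constructed sample named.conf fragment (not from the thread):
# the same zone is declared in two views, signed inline in one of them.
sample_conf() {
cat <<'EOF'
view "internal" {
    match-clients { 10.0.0.0/8; };
    zone "leadmon.org" {
        type master;
        file "internal/leadmon.org";
    };
};
view "external" {
    match-clients { any; };
    zone "leadmon.org" IN {
        type master;
        file "external/leadmon.org";
        inline-signing yes;
        auto-dnssec maintain;
    };
    zone "example.net" { type master; file "external/example.net"; };
};
EOF
}

# Read a named.conf on stdin and print each view that declares zone $1.
# Assumption: every view/zone statement begins on its own line.
views_for_zone() {
    awk -v zone="$1" '
        { gsub(/["{;]/, " ") }                 # drop quotes, braces, semicolons
        $1 == "view" { view = $2 }             # remember the enclosing view
        $1 == "zone" && tolower($2) == tolower(zone) && view != "" { print view }
    '
}

# Dry run: print one per-view reload command for zone $1 (config on stdin).
# With views configured, the view has to be named, as the thread found.
reload_commands() {
    zone=$1
    views_for_zone "$zone" | while read -r view; do
        printf 'rndc reload %s IN %s\n' "$zone" "$view"
    done
}

sample_conf | reload_commands leadmon.org
```

To use it against a real server, feed the actual configuration file on stdin instead of sample_conf and review the printed commands before running them.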
