Serial numbers for inline signing
Alan Clegg
alan at clegg.com
Wed Dec 18 18:59:46 UTC 2013
On Dec 18, 2013, at 11:05 AM, Antonio Querubin <tony at lavanauts.org> wrote:
> Is there a way to keep the serial numbers synced between the primary and slaves for auto-maintained zones? Every once in a while the primary and slaves somehow get out of sync and the logs start generating error messages about the mis-match. The mis-match also gets noticed by various DNS sanity checkers.
This is an automatic feature of DNS. I’d concern myself more with “what is happening to make my serial numbers differ between my servers”.
Did it work before DNSSEC inline signing? If you “dig +nssearch zonename” what are your results?
AlanC
--
Alan Clegg | +1-919-355-8851 | alan at clegg.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20131218/7b7e93bc/attachment.bin>
More information about the bind-users
mailing list