Serial numbers for inline signing
Evan Hunt
each at isc.org
Thu Dec 19 06:22:06 UTC 2013
On Wed, Dec 18, 2013 at 08:06:22PM -1000, Antonio Querubin wrote:
> Currently the serial numbers are all in sync. What I don't understand is
> what condition cause them to get out of sync (ie. the slave's serial
> number exceeds the master's serial number).
You're using inline-signing? Which server do you have doing the signing?
Name servers can get out of sync because the slaves haven't refreshed
recently, but in that case I would expect the master would be ahead of
the slave, not the other way around.
If you're using inline-signing and you have the slave signing, then
the slave's serial number would get ahead of the master's... but in
that case, the master should be "hidden" -- it shouldn't be listed
in the NS RRset for the zone, and a consistency check should ignore
it.
--
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.
More information about the bind-users
mailing list