Inline-signing feature request: Directly set the signed zone's serial number

Thomas Schulz schulz at adi.com
Mon Oct 13 14:59:42 UTC 2014


> Hi,
> 
> After reinitialising the inline-signing process (for example by
> removing the journal files or redeploying the master server) the
> freshly signed zone's serial number will usually be behind the
> authoritative version on the slaves causing transfers to fail 
> possibly leading to expired signatures, zone expiry, etc.

If you redeploy the master server, couldn't you just copy the journal
files over from the old server? And, the rest of the time, never remove
journal files.

> Currently, bumping the serial number of the unsigned zones to exceed
> that of the slaves is required, however it would be /convenient/ to
> have a one-shot method (perhaps via rndc) for specifying the signed
> zone serial number such that this doesn't require edits to the
> unsigned zone files.
> 
> This is especially useful in bootstrapping scenarios where the zone
> data is held under strict revision control or generated by some
> provisioning system that "owns" the serial number.
> 
> Am I on my own with this or would others find this useful?
> 
> 
> Thanks,
> 
> Terry

Tom Schulz
Applied Dynamics Intl.
schulz at adi.com
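
The failure described in the quoted request comes from secondaries only transferring a zone when the primary's SOA serial is newer under RFC 1982 serial arithmetic. The check below is an added example, not part of the original thread or of BIND; the host names and serial values are constructed, and in practice the serials would come from SOA queries against each server.

```python
from functools import reduce

MOD = 1 << 32    # SOA serials are 32-bit unsigned
HALF = 1 << 31   # RFC 1982 comparison window


def serial_gt(a, b):
    """True if serial a is newer than serial b under RFC 1982 (handles wraparound)."""
    diff = (a - b) % MOD
    # A difference of exactly 2**31 is undefined in RFC 1982; treated as "not newer".
    return diff != 0 and diff < HALF


def blocked_secondaries(primary_serial, secondaries):
    """Names of secondaries that will not transfer because the primary is not newer."""
    return sorted(
        name for name, serial in secondaries.items()
        if serial != primary_serial and not serial_gt(primary_serial, serial)
    )


def serial_exceeding_all(secondaries):
    """Smallest serial that every listed secondary will accept as newer."""
    newest = reduce(lambda x, y: y if serial_gt(y, x) else x, secondaries.values())
    return (newest + 1) % MOD


# Constructed sample data: signed serial served by the primary after the
# signing state was reinitialised, and the serials held by three secondaries.
PRIMARY_SIGNED_SERIAL = 2014101301
SECONDARIES = {
    "ns2.example.net": 2014101307,  # ahead of the primary: transfers stall
    "ns3.example.net": 2014101301,  # in sync
    "ns4.example.net": 2014101299,  # behind: will transfer normally
}

if __name__ == "__main__":
    stuck = blocked_secondaries(PRIMARY_SIGNED_SERIAL, SECONDARIES)
    for name in stuck:
        print(f"{name}: holds {SECONDARIES[name]}, primary serves {PRIMARY_SIGNED_SERIAL}")
    if stuck:
        print("signed serial must reach at least", serial_exceeding_all(SECONDARIES))
```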

