BIND 9.11.1-P3 revives expired zones briefly during reconfig

[Mukund Sivaraman]

Hi Anand

On Sun, Aug 06, 2017 at 09:30:01AM +0200, Anand Buddhdev wrote:
> Hello BIND developers,
> 
> I've updated from BIND 9.10 to 9.11, and noticed the following happening
> whenever "rndc reconfig" is run:
> 
> 05-Aug-2017 11:11:42.066 general: received control channel command
> 'reconfig'
> 05-Aug-2017 11:11:42.066 general: loading configuration from
> '/etc/named/named.conf'
> ...
> ...
> 05-Aug-2017 11:11:42.525 general: zone 116.195.in-addr.arpa/IN/main:
> loaded serial 2017020301
> 05-Aug-2017 11:11:42.525 general: zone 116.195.in-addr.arpa/IN/main: expired
> 05-Aug-2017 11:11:42.533 general: zone egouv.ci/IN/main: loaded serial
> 2017062009
> 05-Aug-2017 11:11:42.606 general: zone 232.128.in-addr.arpa/IN/main:
> loaded serial 2017071557 (DNSSEC signed)
> 05-Aug-2017 11:11:42.638 general: zone 43.137.in-addr.arpa/IN/main:
> loaded serial 2017071100
> 05-Aug-2017 11:11:42.638 general: zone 43.137.in-addr.arpa/IN/main: expired
> 05-Aug-2017 11:11:42.639 general: any newly configured zones are now loaded
> 05-Aug-2017 11:11:42.639 general: zone egouv.ci/IN/main: expired
> 05-Aug-2017 11:11:42.646 general: zone 232.128.in-addr.arpa/IN/main: expired
> 05-Aug-2017 11:11:42.659 general: running
> 
> For a moment, BIND loads expired zones, and even answers queries for
> them, and then sets their state back to expired. This didn't happen on
> 9.10, but has been happening on 9.11. Is there a reason this behaviour
> has changed?

Which exact version of 9.11 is this? Is their master NSD or some 3rd
party signer? Can you create a bug ticket with your named config
(named-checkconf -px) ?

		Mukund