inline-signing: SOA serial out of sync

Axel Rau Axel.Rau at Chaos1.DE
Thu Jun 7 11:36:16 UTC 2018 

Hi all,

occasionally named 9.11.3 fails to increment SOA serial like here:

	file: 2018060605 dns: 2018060604

zone file was edited by script and a rndc reload given.
This usually works perfect, but here:

Only entry in log file:

	notify: debug 3: zone lrau.net/IN (signed): sending notify to …

Config detail:

    key-directory "master/signed/lrau.net/";
    auto-dnssec maintain;
    inline-signing yes;
    dnssec-secure-to-insecure no;

Manual fixing requires another cycle with zone file editing:

——-——-
[hermes:master/signed/lrau.net] root# service named stop
Stopping named.
Waiting for PIDS: 37110.
[hermes:master/signed/lrau.net] root# ls -l *.jbk *.jnl *.signed
-rw-r--r--  1 bind  pki_op     512 Jan 11 13:12 lrau.net.zone.jbk
-rw-r--r--  1 bind  pki_op   16409 Jun  6 21:05 lrau.net.zone.jnl
-rw-r--r--  1 bind  pki_op   50263 Jun  6 21:19 lrau.net.zone.signed
-rw-r--r--  1 bind  pki_op  682052 Jun  6 21:05 lrau.net.zone.signed.jnl
[hermes:master/signed/lrau.net] root# rm *.jbk *.jnl *.signed
[hermes:master/signed/lrau.net] root# service named start
Starting named.
[hermes:master/signed/lrau.net] root# ls -l *.jbk *.jnl *.signed
-rw-r--r--  1 bind  pki_op    512 Jun  7 12:37 lrau.net.zone.jbk
-rw-r--r--  1 bind  pki_op   8222 Jun  7 12:37 lrau.net.zone.signed
-rw-r--r--  1 bind  pki_op  57521 Jun  7 12:37 lrau.net.zone.signed.jnl
[hermes:master/signed/lrau.net] root# dig SOA lrau.net @localhost

; <<>> DiG 9.11.3 <<>> SOA lrau.net @localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36163
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 7

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 9abf10cb4372b10e0eae26085b190b0d3486a4bef440b95c (good)
;; QUESTION SECTION:
;lrau.net.			IN	SOA

;; ANSWER SECTION:
lrau.net.		86400	IN	SOA	ns4.lrau.net. hostmaster.lrau.net. 2018060632 86400 7200 604800 3600
. . .
[hermes:local/etc/namedb] root#	named-checkzone lrau.net master/signed/lrau.net/lrau.net.zone
zone lrau.net/IN: loaded serial 2018060606                  <<<<<< still not in sync
OK

# edited zone file manually (serial set to 2018060640):

[hermes:master/signed/lrau.net] root# rndc reload
server reload successful
[hermes:local/etc/namedb] root#	named-checkzone lrau.net master/signed/lrau.net/lrau.net.zone
zone lrau.net/IN: loaded serial 2018060640
OK
[hermes:master/signed/lrau.net] root# dig SOA lrau.net. @localhost
. . .
;; ANSWER SECTION:
lrau.net.		86400	IN	SOA	ns4.lrau.net. hostmaster.lrau.net. 2018060640 86400 7200 604800 3600
——————


What is going wrong here?
What can I do to get this fixed?

Thanks, Axel
---
PGP-Key:29E99DD6  ☀  computing @ chaos claudius

More information about the bind-users mailing list