Freeze/thaw and signed zone files

@lbutlr kremels at kreme.com
Fri Feb 22 01:28:26 UTC 2019


>> OK, but rndc flush example.com results in:
>> rndc: 'flush' failed: not found
> 
> *FACEpalm*
> 
> I'm sorry.  I gave you the wrong command.  You want "sync", not "flush".  My brain always thinks "flush the journal to disk" when it's really supposed to be "sync the journal to disk".  You can pass the optional "-clean" command to cause BIND to remove the synced journal file.
> 
> "flush" is flushing caches, and you can optionally specify a view.  I'm guessing that you don't have a view named "example.com".
> 
>> Then service named stop, service named start.
> 
> When you use the proper commands, you don't need to restart the named service.  You can also use rndc reload without needing to restart the named service.

rndc reload did not recreate (or at least update the time stamp on) the .signed file.

But at no point do the new subdomains I added to the zone get added to the zone.signed file.

I’ll try sync clean and see if I get further.

Nope, now the .signed file isn’t touched at all after the zone file is edited.

zone "example.com" {
    type master;
    file "master/example.com.signed";   # zone data that named loads and writes back itself
    update-policy local;                # dynamic updates signed with the local session key (nsupdate -l)
    auto-dnssec maintain;               # named keeps RRSIGs current and follows the keys' timing metadata
};

So I am still left with a zone file that contains two subdomains that are not represented in the .signed zone file, so they do not load, and nothing I do seems able to recreate the .signed file with the correct information.

Is the original random key that was generated at the time of signing kept somewhere? NSEC3 seems to contain a 16-character hex string that recurs throughout the file.

-- 
all your snowflakes are urine and you can't even find the cat
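The recurring 16-hex-character string in an NSEC3 zone is the 8-byte NSEC3 salt: it sits in the apex NSEC3PARAM record and is repeated in the rdata of every NSEC3 record, and it is not key material (the keys live in the K*.key / K*.private files, not in the zone). Because the NSEC3 owner names are salted hashes rather than the plain names, you cannot grep a .signed file for a subdomain to see whether it made it in. The script below is an added example, not code from this thread or from BIND: it reads the salt and iteration count out of NSEC3PARAM, hashes the names you expect per RFC 5155 section 5, and reports which ones have no NSEC3 record in the signed file. The sample zone is constructed from the first records of the RFC 5155 Appendix A example (salt aabbccdd, 12 iterations, hashed owners 0p9m... for example. and 35mt... for a.example.); the file and function names are this example's own.

```python
"""Added example (not from the bind-users thread): check which names an
NSEC3-signed zone file actually covers. Each expected name is hashed per
RFC 5155 section 5 with the salt and iteration count from the zone's
NSEC3PARAM record and compared against the hashed owner names of the NSEC3
records. The sample zone is constructed from RFC 5155 Appendix A values;
every function and constant name here is this example's own."""
import base64
import hashlib

# RFC 4648 base32 alphabet -> base32hex ("extended hex"), the NSEC3 owner encoding
_B32_TO_B32HEX = str.maketrans(
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567", "0123456789ABCDEFGHIJKLMNOPQRSTUV")


def to_wire(name: str) -> bytes:
    """Canonical wire form of an owner name: lowercase, length-prefixed labels, root byte."""
    name = name.lower().rstrip(".")
    out = b""
    if name:
        for label in name.split("."):
            raw = label.encode("ascii")
            out += bytes([len(raw)]) + raw
    return out + b"\x00"


def nsec3_hash(name: str, salt: bytes, iterations: int) -> str:
    """RFC 5155 s.5: H(name || salt), then `iterations` further rounds of H(prev || salt)."""
    digest = hashlib.sha1(to_wire(name) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    # 20-byte digest -> 32 base32hex characters, no padding; lowercased for comparison
    return base64.b32encode(digest).decode("ascii").translate(_B32_TO_B32HEX).lower()


def _records(zone_text: str):
    """Yield (owner, TYPE, rdata tokens) for each record line.

    Tolerant scan of a BIND-style master file, not a full parser: comments are
    stripped, $-directives skipped, optional TTL/class skipped, and a line that
    starts with whitespace inherits the previous owner (BIND omits repeated
    owners when it writes a zone file)."""
    owner = None
    for line in zone_text.splitlines():
        body = line.split(";", 1)[0]
        tokens = body.split()
        if not tokens or tokens[0].startswith("$"):
            continue
        if body[0].isspace():
            rest = tokens
        else:
            owner, rest = tokens[0], tokens[1:]
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest = rest[1:]
        if owner is None or not rest:
            continue
        yield owner, rest[0].upper(), rest[1:]


def parse_nsec3param(zone_text: str):
    """(hash algorithm, flags, iterations, salt bytes) from the NSEC3PARAM record."""
    for _, rtype, rdata in _records(zone_text):
        if rtype == "NSEC3PARAM":
            alg, flags, iterations, salt = rdata[:4]
            salt_bytes = b"" if salt == "-" else bytes.fromhex(salt)
            return int(alg), int(flags), int(iterations), salt_bytes
    raise ValueError("no NSEC3PARAM record: zone is not NSEC3-signed")


def nsec3_owners(zone_text: str) -> set:
    """Hashed owner labels (first label, lowercased) of every NSEC3 record in the file."""
    return {o.split(".")[0].lower() for o, t, _ in _records(zone_text) if t == "NSEC3"}


def missing_from_signed_zone(zone_text: str, names) -> list:
    """Names whose NSEC3 hash has no matching NSEC3 record in the signed zone."""
    _, _, iterations, salt = parse_nsec3param(zone_text)
    present = nsec3_owners(zone_text)
    return [n for n in names if nsec3_hash(n, salt, iterations) not in present]


# Constructed sample: leading records of the RFC 5155 Appendix A signed zone,
# trimmed to what this check needs (salt aabbccdd, 12 iterations).
SAMPLE_SIGNED_ZONE = """\
$ORIGIN example.
$TTL 3600
@                                 IN SOA ns1 bugs.x.w 1 3600 300 3600000 3600
                                  IN NSEC3PARAM 1 0 12 aabbccdd
0p9mhaveqvm6t7vbl5lop2u3t2rp3tom  IN NSEC3 1 1 12 aabbccdd 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG
                                  IN RRSIG NSEC3 7 2 3600 ( 20150420235959 20051021000000 40430 example. AAAA= )
35mthgpgcu1qg68fab165klnsnk3dpvl  IN NSEC3 1 1 12 aabbccdd b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG
"""

if __name__ == "__main__":
    # Hypothetical names to look for; ai.example. has no NSEC3 record in the sample.
    wanted = ["example.", "a.example.", "ai.example."]
    _, _, its, salt = parse_nsec3param(SAMPLE_SIGNED_ZONE)
    for name in wanted:
        print(f"{name:14} -> {nsec3_hash(name, salt, its)}")
    print("missing from signed zone:", missing_from_signed_zone(SAMPLE_SIGNED_ZONE, wanted))
```

Run it against the real .signed file (`open("master/example.com.signed").read()`) with the two new subdomain names; a name that comes back as missing has no NSEC3 record and therefore no authenticated denial or coverage in that file, regardless of what the unsigned zone file says.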



More information about the bind-users mailing list