Debug logging for auto-dnssec inline signing
Matthew Richardson
matthew-l at itconsult.co.uk
Sat Nov 9 19:00:08 UTC 2019
What "category" should one be logging in order to get details of DNSSEC
inline signing when running Bind 9.8.11?
I have an authoratitive master server with a number of domains set with:-
inline-signing yes;
auto-dnssec maintain;
and have a suspicion that Bind has simply stopped re-signing most of them.
This is based on monitoring of the time before expiry of signatures.
What I am looking for is the debug logging which shows Bind deciding what
needs resigning and when, as I would like to troubleshoot the issue. My
further suspicion is that restarting Bind would fix it.
Needless to say, there are no errors in the logs. I have tried the obvious
of turning up the "dnssec" logging to level 3, but get nothing at all so
far.
With many thanks.
Best wishes,
Matthew
More information about the bind-users
mailing list