Primary zone not fully maintained by BIND
Jan-Piet Mens
list at mens.de
Thu May 26 09:30:10 UTC 2022
>26-May-2022 10:06:14.458 debug 3: zone penguinpee.nl/IN/external:
>zone_rekey failure: unexpected error (retry in 600 seconds)
One of the first things BIND does, if I'm reading lib/dns/zone.c correctly, is
to attempt to lock the keys, and if it fails it emits that diagnostic.
Assuming the signing is being attempted simultaneously in both views, I wonder
if that goes hand-in-hand with what Matthijs writes:
> Since 9.16.18 you should not be able to set the same key-directory for the
> same zone in different views.
So maybe using the same key directory (from the same dnssec-policy) is actually
causing the issue?
-JP
More information about the bind-users
mailing list