Primary zone not fully maintained by BIND
Matthijs Mekking
matthijs at isc.org
Fri May 27 13:59:35 UTC 2022
Hi,
Sorry for not replying earlier (traveling).
Yes, I would recommend key separation (that is use a different
key-directory per view).
I am going to investigate your configuration more next week, to see if
there is a hidden bug.
Best regards,
Matthijs
On 26-05-2022 14:33, Sandro wrote:
> On 26-05-2022 12:00, Sandro wrote:
>
>> Thank you, Matthijs, for pointing out the bug. Do you have any
>> suggestion for what to try first, key separation or policy separation?
>
> Well, I went for key separation. Let's see if it sticks. Last time I
> restarted BIND everything seemed fine in the beginning as well.
>
> Of course, the question remains if there's still a bug hiding here
> somewhere. I'd be happy providing more information and performing tests
> to gather information.
>
> What's been throwing me of balance over and over is the fact the zone
> file on disk can be outdated for quite some time, while the answers
> provided querying BIND with dig are already updated. But that's probably
> me getting acquainted with BIND being in charge of the zone.
>
> -- Sandro
More information about the bind-users
mailing list