How to update zone with dnssec-policy

Matthias Fechner idefix at fechner.net
Sun Jul 2 11:27:30 UTC 2023


Dear all,

I have the following problem: changes in a zone file do not become 
active, no matter whether I reload the zone using rndc or restart bind 
9.16.42 on FreeBSD.
If I update a zone, I edit the zone file, adapt the serial in the SOA and 
normally do a rndc reload fechner.net.

The nameserver is more or less set up as described here:
https://wiki.idefix.fechner.net/freebsd/bind/

The zone file for domain fechner.net is in directory: 
/usr/local/etc/namedb/master/fechner.net

It is not a dynamic zone file, or better, I cannot freeze it:
  rndc freeze fechner.net
rndc: 'freeze' failed: not dynamic

But if I delete the files:
fechner.net.jbk
fechner.net.signed.jnl

and restart bind, zone changes are correctly loaded and I can see an 
increased serial in:
dig -t soa fechner.net.

It would be nice if someone could explain to me how I need to edit a zone 
file that has a dnssec-policy attached so that modifications become active, 
without the need to delete the *.[jbk|jnl] files.

Thanks a lot.

Regards
Matthias

-- 

"Programming today is a race between software engineers striving to
build bigger and better idiot-proof programs, and the universe trying to
produce bigger and better idiots. So far, the universe is winning." --
Rich Cook



More information about the bind-users mailing list