<div dir="ltr">Pieter,<div><br></div><div>Thank-you for the advice!</div><div><br></div><div>Apologies for the delay responding - I was waiting to see how things would play out.</div><div><br></div><div>Unfortunately - we still had domains expire with the settings below configured.</div><div><br></div><div><div>################################# </div><div># default-soa-edit Default SOA-EDIT value </div><div># </div><div># default-soa-edit= </div><div>default-soa-edit=INCEPTION-EPOCH </div><div> </div><div>################################# </div><div># default-soa-edit-signed Default SOA-EDIT value for signed zones</div><div># </div><div># default-soa-edit-signed= </div><div>default-soa-edit-signed=INCEPTION-EPOCH </div></div><div><br></div><div>Am I missing something else that I need to be doing to trigger a rollover + increment automatically?</div><div><br></div><div>Thanks in advance,</div><div>Troy</div><img src="http://t.sidekickopen61.com/e1t/o/5/f18dQhb0S7ks8dDMPbW2n0x6l2B9gXrN7sKj6v4f42lN3LjyG0d7cgzMcW13jQFLCHW1xmmfX1k1H6H0?si=4616033042300928&pi=f6fc8e5d-6203-4562-f7c3-9cced4c7d6e9" style="display:none!important" height="1" width="1"></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><span><font face="arial, helvetica, sans-serif"><br></font><div dir="ltr"><table style="border:none;border-collapse:collapse"><colgroup><col width="183"><col width="513"></colgroup><tbody><tr style="height:105pt"><td style="border-left:solid #ffffff 1pt;border-right:solid #ffffff 1pt;border-bottom:solid #ffffff 1pt;border-top:solid #ffffff 1pt;vertical-align:top;padding:5pt 5pt 5pt 5pt"><p dir="ltr" style="line-height:1.2;margin-top:0pt;margin-bottom:0pt"><a href="https://really.ai/" target="_blank"><span style="font-size:9pt;color:rgb(17,85,204);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><font face="arial, helvetica, sans-serif"><img src="https://lh5.googleusercontent.com/fJ0ooLX9TOgnZFZfC927uhMtVYGHAeCmY7bRObucIj-tHhg3edcxVp7AI0YagKGVnDCvouswfIzm7_EerMPBDTN8oHViaP6xMYzwGzuuQrvAF9ileSDY38ktBqe9WAiGvF5lzxs9" width="152" height="183" style="border:none"></font></span></a></p></td><td style="border-left:solid #ffffff 1pt;border-right:solid #ffffff 1pt;border-bottom:solid #ffffff 1pt;border-top:solid #ffffff 1pt;vertical-align:top;padding:5pt 5pt 5pt 5pt"><font face="arial, helvetica, sans-serif"><br></font><p dir="ltr" style="line-height:1.2;margin-top:0pt;margin-bottom:0pt"><span style="font-size:19pt;color:rgb(250,204,69);background-color:transparent;font-weight:700;vertical-align:baseline;white-space:pre-wrap"><font face="arial, helvetica, sans-serif">Troy Kelly</font></span></p><p dir="ltr" style="line-height:1.7999999999999998;margin-top:0pt;margin-bottom:0pt"><span style="font-size:12pt;color:rgb(202,207,210);background-color:transparent;font-weight:700;vertical-align:baseline;white-space:pre-wrap"><font face="arial, helvetica, sans-serif">Chief Executive Officer</font></span></p><p dir="ltr" style="line-height:1.44;margin-top:0pt;margin-bottom:0pt"><a href="https://www.google.com.au/maps/place/Really+Really,+Inc./@37.791917,-122.4006616,15z/data=!4m5!3m4!1s0x0:0x7dc9cf280bcafff3!8m2!3d37.791917!4d-122.4006616" target="_blank"><span style="font-size:10pt;color:rgb(31,40,146);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><font face="arial, helvetica, sans-serif">180 Sansome Street, Level 2, San Francisco, CA 94104</font></span></a></p><p dir="ltr" style="line-height:1.44;margin-top:0pt;margin-bottom:0pt"><font face="arial, helvetica, sans-serif"><span style="font-size:10pt;color:rgb(31,40,146);background-color:transparent;font-weight:700;vertical-align:baseline;white-space:pre-wrap">p.</span><span style="font-size:10pt;color:rgb(31,40,146);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> +1</span><span style="font-size:10pt;color:rgb(255,255,255);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">-</span><span style="font-size:10pt;color:rgb(31,40,146);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">650</span><span style="font-size:10pt;color:rgb(255,255,255);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">-</span><span style="font-size:10pt;color:rgb(31,40,146);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">215</span><span style="font-size:10pt;color:rgb(255,255,255);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">-</span><span style="font-size:10pt;color:rgb(31,40,146);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">6253 | </span><span style="font-size:10pt;color:rgb(31,40,146);background-color:transparent;font-weight:700;vertical-align:baseline;white-space:pre-wrap">p.</span><span style="font-size:10pt;color:rgb(31,40,146);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> +61</span><span style="font-size:10pt;color:rgb(255,255,255);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">-</span><span style="font-size:10pt;color:rgb(31,40,146);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">2</span><span style="font-size:10pt;color:rgb(255,255,255);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">-</span><span style="font-size:10pt;color:rgb(31,40,146);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">8039</span><span style="font-size:10pt;color:rgb(255,255,255);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">-</span><span style="font-size:10pt;color:rgb(31,40,146);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">4567 | </span><span style="font-size:10pt;color:rgb(31,40,146);background-color:transparent;font-weight:700;vertical-align:baseline;white-space:pre-wrap">e.</span><span style="font-size:10pt;color:rgb(31,40,146);background-color:transparent;vertical-align:baseline;white-space:pre-wrap"> </span><a href="mailto:troy.kelly@really.ai" target="_blank"><span style="font-size:10pt;color:rgb(31,40,146);background-color:transparent;vertical-align:baseline;white-space:pre-wrap">troy.kelly@really.ai</span></a></font></p><font face="arial, helvetica, sans-serif"><br></font></td></tr></tbody></table></div><br></span></div></div></div></div></div></div>
<br><div class="gmail_quote">On 24 August 2017 at 17:28, Pieter Lexis <span dir="ltr"><<a href="mailto:pieter.lexis@powerdns.com" target="_blank">pieter.lexis@powerdns.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello Troy,<br>
<span class=""><br>
On Thu, 24 Aug 2017 12:05:48 +1000<br>
Troy Kelly <<a href="mailto:troy.kelly@really.ai">troy.kelly@really.ai</a>> wrote:<br>
<br>
> We recently implemented DNSSEC, and then more recently had several of the<br>
> RRSIG's expire - and those domains become unoperational.<br>
><br>
> We use PowerDNS as a stealth master, with public nameservers supplied by<br>
> one of our infrastructure providers.<br>
><br>
> Where we don't make regular changes to the domain - we are going to keep<br>
> experiencing this expiry issue.<br>
><br>
> Is there some (cron job?) solution that we can implement to roll over and<br>
> notify a domain before the RRSIG's expire?<br>
><br>
> I had thought of a weekly pdnsutil increase-serial for every domain - but<br>
> it seems like a real kludge of a solution.<br>
<br>
</span>You can use the default-soa-edit-signed configuration item[1] to set the default SOA-EDIT metadata value for signed domains.<br>
The possible values and their outcomes are described on the documentation[2].<br>
In short, the SOA-EDIT value edits the SOA serial after retrieving it from the datastore so slaves see a higher SOA when the RRSIG roils.<br>
INCREMENT-WEEKS is a safe value that will add the number of weeks since the UNIX epoch to the SOA serial, but please read the whole page.<br>
<br>
Good luck!<br>
<br>
Pieter<br>
<br>
<br>
1 - <a href="https://doc.powerdns.com/authoritative/settings.html#default-soa-edit-signed" rel="noreferrer" target="_blank">https://doc.powerdns.com/<wbr>authoritative/settings.html#<wbr>default-soa-edit-signed</a><br>
2 - <a href="https://doc.powerdns.com/authoritative/dnssec/operational.html#soa-edit-ensure-signature-freshness-on-slaves" rel="noreferrer" target="_blank">https://doc.powerdns.com/<wbr>authoritative/dnssec/<wbr>operational.html#soa-edit-<wbr>ensure-signature-freshness-on-<wbr>slaves</a><br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
Pieter Lexis<br>
PowerDNS.COM BV -- <a href="https://www.powerdns.com" rel="noreferrer" target="_blank">https://www.powerdns.com</a><br>
______________________________<wbr>_________________<br>
Pdns-users mailing list<br>
<a href="mailto:Pdns-users@mailman.powerdns.com">Pdns-users@mailman.powerdns.<wbr>com</a><br>
<a href="https://mailman.powerdns.com/mailman/listinfo/pdns-users" rel="noreferrer" target="_blank">https://mailman.powerdns.com/<wbr>mailman/listinfo/pdns-users</a><br>
</font></span></blockquote></div><br></div>
<br>
<span><span style="font-size:9pt;color:rgb(102,102,102);background-color:rgb(255,255,255);vertical-align:baseline;white-space:pre-wrap"><font face="Georgia">This email and any attachments may contain confidential or privileged information and may be protected by copyright. You must not use or disclose them other than for the purposes for which they were supplied. The confidentiality and privilege attached to this message and attachment is not waived by reason of mistaken delivery to you. If you are not the intended recipient, you must not use, disclose, retain, forward or reproduce this message or any attachments. If you receive this message in error please notify the sender by return email or telephone, and destroy and delete all copies. Really Really, Inc. does not accept any responsibility for any loss or damage that may result from reliance on, or use of, any information contained in this email and/or attachments.</font></span></span>