<div dir="ltr">Hi,<div><div class="gmail_quote"><div dir="ltr">Brian Candler <<a href="mailto:b.candler@pobox.com">b.candler@pobox.com</a>> schrieb am Do., 26. Juli 2018 um 12:36 Uhr:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div text="#000000" bgcolor="#FFFFFF">
<blockquote type="cite"><div class="m_9186225773016162961gmail-cye-lm-tag m_9186225773016162961gmail-cye-lm-tag m_9186225773016162961gmail-cye-lm-tag m_9186225773016162961gmail-cye-lm-tag m_9186225773016162961gmail-cye-lm-tag m_9186225773016162961gmail-cye-lm-tag"><div class="m_9186225773016162961gmail-cye-lm-tag m_9186225773016162961gmail-cye-lm-tag m_9186225773016162961gmail-cye-lm-tag m_9186225773016162961gmail-cye-lm-tag"><div><div>p-dns:~ # grep SOA /var/named/slave/<a href="http://floppysheep.com" target="_blank">floppysheep.com</a> </div>
<div>@<span style="white-space:pre-wrap" class="m_9186225773016162961gmail-cye-lm-tag m_9186225773016162961gmail-cye-lm-tag"> </span>432000<span style="white-space:pre-wrap" class="m_9186225773016162961gmail-cye-lm-tag m_9186225773016162961gmail-cye-lm-tag"> </span>SOA<span style="white-space:pre-wrap" class="m_9186225773016162961gmail-cye-lm-tag m_9186225773016162961gmail-cye-lm-tag"> </span><a href="http://koef.zs64.net" target="_blank">koef.zs64.net</a>.
<a href="http://hostmaster.zs64.net" target="_blank">hostmaster.zs64.net</a>.
2018072400 86400 3600 3888000 300</div>
</div>
<div class="m_9186225773016162961gmail-cye-lm-tag"><br>
</div>
</div>
</div>
</blockquote>
</div><div text="#000000" bgcolor="#FFFFFF"><p>Which server is that file on? The hidden primary, real primary,
or slave?</p></div></blockquote><div>Based on the directory, it's the slave :-)</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div text="#000000" bgcolor="#FFFFFF">
<p>Anyway, if I do a query now, it seems to have updated:</p>
<p><tt></tt></p></div></blockquote><div>correct. This is because I disabled the DEFAULT-SOA-EDIT setting. If I reenable it. the SOA records are as mentioned again.</div><div><br></div><div>After reading more and more of the docs, I think I might have found the reason for that. It seems that the INCEPTION-INCREMENT value for SOA-EDIT makes the serial dynamic based on the last time the zone has been signed. Which is odd, since DNSSEC is not enabled on this zone. So I think powerdns does auto-increase the serial anyway, based on the current serial, as mentioned in <a href="https://doc.powerdns.com/authoritative/dnssec/operational.html#inception-increment">https://doc.powerdns.com/authoritative/dnssec/operational.html#inception-increment</a> but without the "incremented by two" part, but with "incremented by two days" part.</div><div><br></div><div>However, I don't get why this setting affects non-DNSSEC zones.</div><div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div text="#000000" bgcolor="#FFFFFF">It could just be that you don't have notifications configured
properly, so the slaves (including "real primary" which is really a
slave) only update periodically. You have a refresh interval of
86400 seconds set, so it could take that long for the updates to
propagate if notifications aren't working.<br>
<br></div></blockquote><div>Nope :-)</div><div> Been there, done that, e.g. manually sent notifications to the slaves to check that, which works fine, but the serial didn't change by that.</div><div><br></div><div>Regards,</div><div>Frank</div></div></div></div>