[Pdns-users] DNSSEC and Master/Slave setup
Christof Meerwald
cmeerw at cmeerw.org
Thu Feb 3 07:44:08 UTC 2011
Hi,
I kind of expected this to happen today - the master (ns.cmeerw.net)
with the keying material has now updated the RRSIG records, but the
slave (ns2.cmeerw.net, no keying material) still returns the old RRSIG
records:
; <<>> DiG 9.7.1-P2 <<>> +dnssec -t soa cmeerw.priv.at @ns.cmeerw.net
;; ANSWER SECTION:
cmeerw.priv.at. 28800 IN SOA ns.cmeerw.net. domain.cmeerw.net. 2010080601 3600 900 1814400 3600
cmeerw.priv.at. 28800 IN RRSIG SOA 8 3 28800 20110217000000 20110203000000 9895 cmeerw.priv.at. UBAaq1cNvd+u1lrYBt9XdFS8oC98d37dOSEAyyOwDp0pTP1RCskJyha2 0CXi8zv/0JYCiL3xJY6bF5wOlRcomVHoVkxmY/Zw2BUXI4NZX/l0k8Nv u0zlZ/DlHaXK8Y/FjOw0jDQP9HVocfyDqXkqklZMaSn55ZvdIEpyroAg G24=
; <<>> DiG 9.7.1-P2 <<>> +dnssec -t soa cmeerw.priv.at @ns2.cmeerw.net
;; ANSWER SECTION:
cmeerw.priv.at. 28800 IN RRSIG SOA 8 3 28800 20110210000000 20110127000000 9895 cmeerw.priv.at. b6IVcHFLnJvuL1T+OVXDDiuPOPbooVgpNHw8SI21cXoo2Q2v89+UQd7+ H/SVjFYPL5RLjyCIcGWIJOrx5Wssg8vqbVqvkaG/AGmyZqhu5S5dVo1b ipK32UrcYrsknkYmzYaHD3ew2ka9hwZYND5MK+g3FNAJxnj3fJEiHEvG Lzo=
cmeerw.priv.at. 28800 IN SOA ns.cmeerw.net. domain.cmeerw.net. 2010080601 3600 900 1814400 3600
Is there any better solution than having to run a script each week on
the master server to update the SOA serial number and reload the zone
(so the slave gets notified of the change and does an AXFR)?
Christof
--
http://cmeerw.org sip:cmeerw at cmeerw.org
mailto:cmeerw at cmeerw.org xmpp:cmeerw at cmeerw.org
More information about the Pdns-users
mailing list