[Pdns-users] cryptokeys.id out of sync

James Cloos cloos at jhcloos.com
Tue Jul 30 17:23:09 UTC 2013

I noticed my zones recently started failing verification.

Some time back I stopped using axfr, but haven't finished implementing
automatic replication because two of the boxen are axfr secondaries for
another zone, which makes replicating the records table complicated.

To accomplish the manual replication, I run rectify-zone in parallel on
each box after pushing each change.

Intitially all worked, but now it does not.

The only difference I could see was the cryptokeys.id field.  Eg:

  select id from cryptokeys where domain_id = 1;

shows 114, 115 and 116 on two of the boxen and 13, 14, 15 on the other two.

Otherwise the data is identical.

I presume that the unsynced .id is enough to confuse verifiers?

Is there a reasonable way out of this short of moving the axfr'ed zone
off of these servers, to make replication easy?

James Cloos <cloos at jhcloos.com>         OpenPGP: 1024D/ED7DAEA6

More information about the Pdns-users mailing list