[Pdns-users] Different RRSIG's on master and slaves

Klaus Darilion klaus.mailinglists at pernau.at
Tue Sep 24 11:19:51 UTC 2013 

Just a wild guess: Maybe the Master did a key roll over, but the serial 
was not increased. So, the slaves do not update and retransfer the zone. 
You could try increasing the serial manually. Then the slaves should 
update to the master.

See also SOA-EDIT at http://doc.powerdns.com/html/domainmetadata.html

regards
Klaus

On 24.09.2013 10:38, mvdgeijn wrote:
> Hi,
>
> I'm having trouble locating the problem why for one of our domains the RRSIG
> record is different on the master and on the slaves (on the 2 slaves they
> are identical). All DNS servers are PowerDNS servers running version 3.3
> with MySQL backend. Transfers are done using AXFR.
>
> Using dig +dnssec SOA:
>
> MASTER:
> concepthouse.nl.        3600    IN      RRSIG   SOA 8 2 3600 20131003000000
> 20130912000000 37080 concepthouse.nl.
> nbB9I23pT6eTpPrJi12J6lW6R3CvYhjD0tZgR0k5K3ZARsFc+rBULYwF
> 9yIYyMhQWHMcWFhBI8khi8U96DT8cMu884Mp/3n5N8Ey3bm5BLVDipEJ
> NErDp/1jE8JLdGOLvqIP5+3aBGCD8EhJ108OTykk0R/rEmXBCXNBP5O0 sEA=
> concepthouse.nl.        3600    IN      SOA     ns1.bhosted.nl.
> hostmaster.bhosted.nl. 2013092403 10800 3600 302400 3600
>
> SLAVE 1:
> concepthouse.nl.        3600    IN      RRSIG   SOA 8 2 3600 20131003000000
> 20130912000000 14754 concepthouse.nl.
> hnVskWJ8HvqVj77fevulu4OprL6Yq9A7JD405gspWvlhcf4dsm/Jgmwv
> fZyoHFA8Z04LmMNyfUNfXXRGd0ZufGONKU/5qSd2mTeAmapGE1ompyyP
> u5JAcaF1EYumjkwBML75mD+bBfAhJm8Z6fD0fjcvIXoMemzb3qVAMysZ iMU=
> concepthouse.nl.        3600    IN      SOA     ns1.bhosted.nl.
> hostmaster.bhosted.nl. 2013092402 10800 3600 302400 3600
>
> SLAVE 2:
> concepthouse.nl.        3600    IN      SOA     ns1.bhosted.nl.
> hostmaster.bhosted.nl. 2013092402 10800 3600 302400 3600
> concepthouse.nl.        3600    IN      RRSIG   SOA 8 2 3600 20131003000000
> 20130912000000 14754 concepthouse.nl.
> hnVskWJ8HvqVj77fevulu4OprL6Yq9A7JD405gspWvlhcf4dsm/Jgmwv
> fZyoHFA8Z04LmMNyfUNfXXRGd0ZufGONKU/5qSd2mTeAmapGE1ompyyP
> u5JAcaF1EYumjkwBML75mD+bBfAhJm8Z6fD0fjcvIXoMemzb3qVAMysZ iMU=
>
> As you can see the serials are the same, but the DNSkey number is different.
> How do I fix this? Disable DNSsec for this domain (and removing all
> DNSkeys), and after that enable it again? Or is there another way?
>
> Kind regards,
>
> Marc van de Geijn
>
>
>
> --
> View this message in context: http://powerdns.13854.n7.nabble.com/Different-RRSIG-s-on-master-and-slaves-tp10349.html
> Sent from the PowerDNS mailing list archive at Nabble.com.
>
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> http://mailman.powerdns.com/mailman/listinfo/pdns-users
>

More information about the Pdns-users mailing list