[Pdns-users] strange bevaviour of serial increasing

Frank Altpeter frank.altpeter at gmail.com
Thu Apr 25 14:38:33 UTC 2019 

Hi,

Am Do., 25. Apr. 2019 um 15:51 Uhr schrieb Gert van Dijk <
gertvdijk+pdns-users at gmail.com>:

> I believe the INCEPTION-INCREMENT behaves as documented [1] in your case,
> because it's within two days of inception [2] (as it's a Thursday), which
> will trigger the condition to add 2 and then increment by INCEPTION-age in
> YYYYMMDDSS format. (The actual why for that it does that is not very clear
> to me, though.)
> Are you sure you've unset the default-soa-edit setting on the slaves? It
> seems that your 's-dns.irz42.net' host is performing another soa-edit.
> All other ouput seems to work as intended. Having secondary nameservers
> serve different SOA serials is indeed not okay
>
> Well, first of all, I was indeed thinking that the default-soa-edit value
has to be set equally on both sides. So after removing this setting from
the slave part of the problem has been magically removed.

# pdnsutil increase-serial einhorn.bar
 SOA serial for zone einhorn.bar set to 2019042506

# dig +short +noshort @{master,slave} einhorn.bar SOA
einhorn.bar. 3600 IN SOA ns1.foxalpha.de. frank.altpeter.de. 2019042508
10800 3600 604800 3600
einhorn.bar. 3600 IN SOA ns1.foxalpha.de. frank.altpeter.de. 2019042508
10800 3600 604800 3600

But they still don't match the value in the database. I also don't get the
increment of two. Also, I'm not sure why this happens to unsigned zones,
since there are two settings "default-soa-edit" and
"default-soa-edit-signed", so if this increment is something needed for
signed zones, why do both settings cause it?

You're right, on first sight it seems inappropriate to set this when not
having signed zones, but since we recently moved domain provider (which is
capable of providing zone signing), I want to sign zones in the near
future, so it will be a thing soon.

The broader question I have is why you're using this setting in the first
> place if you are serving only unsigned zones. Your backend already has the
> 'retro-style' serials, so I'm not sure what's in it for you by setting it
> (what 'convenience'?). But I may not fully understand your issue perhaps.
>

The reason for this setting is that I like my serials to be in the format
YYYYMMDDSS - and as long as I got the documentation correct, the
increase-serial does increase by 1 when there is no soa-edit set (globally
or in domain metadata). I have set this because I wanted to prevent my
zones (for example) to update from 2019042508 to 2019042509 tomorrow
(because it's supposed to be 2019042601 then). I wasn't able to find out
how to create this behaviour without having soa-edit set to
inception-increment.

With kind regards
        Frank Altpeter

-- 
FA-RIPE
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20190425/c03c183d/attachment-0001.html>

More information about the Pdns-users mailing list