Hi Klaus,

thanks for your reply. Well, yes, a couple of other methods work correctly, but the case is kind of special as for the serial format change I need to avoid (with all that old dogs/new tricks stuff). The described behaviour seems buggy at the moment, therefore I hoped to see the reason why it works that way and if that is really the intended way it should work...

Thanks anyway ;-)
Tomas

On Wed, Aug 31, 2022 at 11:37:11PM +0200, Klaus Darilion via Pdns-users wrote:
> Hi Tomas!
>
> I can not speak about INCEPTION-INCREMENT. But I remember when we had to
> decide which increment-method to choose we have chosen INCREMENT-WEEKS
> because it is the only method that works always - regardless of the serial
> format chosen by the zone editor. With INCREMENT-WEEKS the serial does not
> look nice, but it works.
>
> regards
> Klaus
>
> > -----Original Message-----
> > From: Pdns-users <pdns-users-boun...@mailman.powerdns.com> On
> > Behalf Of Tomas Habarta via Pdns-users
> > Sent: Thursday, 25 August 2022 10:42
> > To: pdns-users@mailman.powerdns.com
> > Subject: [Pdns-users] INCEPTION-INCREMENT for a signed zone
> >
> > Hello,
> >
> > could anyone please shed some light on SOA-EDIT for a signed zone?
> >
> > Setup:
> > PowerDNS Authoritative Server 4.6.2, hidden master, isc bind slaves, bind
> > backend, default-soa-edit-signed=INCEPTION-INCREMENT, zone makes use
> > of YYYYMMDDSS serial
> >
> > Situation:
> > I have got a zone which is "maintained" by people who don't know (and even
> > don't want to know) anything about dnssec. They just use it the same way
> > for ages -- open file, add/remove record, increase serial and reload.
> > Recently, there has been a pressure on to sign this zone as it is a subzone
> > of already signed one...
> > Since the serial is YYYYMMDDSS format, they are used to start with 00 which
> > then makes trouble when using INCEPTION-INCREMENT for soa-edit-signed.
> >
> > On inception day:
> > When RRSIG changes on inception day, serial is correctly increased, but when
> > it comes to the zone modification the same day, with the second edit, there
> > is no serial increase, so it looks like this (202208 part omitted):
> >
> >  zone    pdns
> > ------------
> >  2307 -> 2501
> >  2500 -> 2502   1st zone edit
> >  2501 -> 2502   2nd zone edit
> >  2502 -> 2503
> >  2503 -> 2504
> >
> > Problem is the second edit as no serial increase means no public masters
> > update -- we run a hidden master, so this is not much a real big thing but
> > still a bit confusing. Reading operation instructions does not make it more
> > clear as it seems to be dated (increment 2). Looking at the source in
> > pdns/serialtweaker.cc and history of the changes (mainly #2377) it seems it
> > used to be that way but had other consequences...
> > I am sure there must be some historical reasons why it was designed the way
> > it is (mainly initial skip by 2 seems to complicate things unnecessarily),
> > but with my limited view I am unable to spot them or see the possible harm
> > on other parts of pdns... Of course, I can work around that, but this still
> > involves a human factor...
> > Anyway, any information on this will be appreciated.
> >
> >
> > Many thanks
> > Tomas
> > _______________________________________________
> > Pdns-users mailing list
> > Pdns-users@mailman.powerdns.com
> > https://mailman.powerdns.com/mailman/listinfo/pdns-users
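
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not PowerDNS code: a small Python model fitted to the serial table in Tomas's message, which flags zone edits whose published serial does not advance under RFC 1982 comparison. The thresholds and the names `published_serial`, `serial_gt` and `stalled_edits` are assumptions inferred from that table (inception day 20220825).

```python
# Model of the zone -> pdns serial table quoted in the thread.
# Constructed for illustration; thresholds are inferred from the table,
# not copied from pdns/serialtweaker.cc, and any upper bound is ignored.

def published_serial(zone_serial: int, inception_day: int) -> int:
    """zone_serial is YYYYMMDDSS from the zone file, inception_day is YYYYMMDD."""
    base = inception_day * 100           # <inception day>00
    if zone_serial < base:               # older than the inception day
        return base + 1                  # -> <inception day>01
    if zone_serial <= base + 1:          # <inception day>00 or 01
        return base + 2                  # both collapse to 02
    return zone_serial + 1               # 02 and above: plain increment


def serial_gt(a: int, b: int) -> bool:
    """RFC 1982 comparison on 32-bit serials, as a secondary would apply it."""
    return a != b and ((a - b) & 0xFFFFFFFF) < 0x80000000


def stalled_edits(zone_serials, inception_day):
    """Return (previous, current, published) for each edit where the zone
    file serial was raised but the published serial did not advance."""
    stalled = []
    prev_zone = prev_pub = None
    for serial in zone_serials:
        pub = published_serial(serial, inception_day)
        if prev_pub is not None and serial > prev_zone \
                and not serial_gt(pub, prev_pub):
            stalled.append((prev_zone, serial, pub))
        prev_zone, prev_pub = serial, pub
    return stalled


# Constructed input: the left column of the table with the 202208 prefix restored.
SAMPLE_EDITS = [2022082307, 2022082500, 2022082501, 2022082502, 2022082503]

if __name__ == "__main__":
    for prev, cur, pub in stalled_edits(SAMPLE_EDITS, 20220825):
        print(f"edit {prev} -> {cur} still publishes {pub}: secondaries see no change")
```

Run over the serial history of a zone, a non-empty result marks edits that secondaries comparing SOA serials would not pick up.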