Re: moving DNSSEC to a hidden master [SOLVED]

2013-10-14 Thread David Newman
On 10/14/13 12:39 PM, Alan Clegg wrote:
>> In this case, I started with a serial of 2013092700, incremented
>> it to 2013092701, and reloaded. 'dig soa' would still return
>> 2013092700.
>>
>> Problem is, bind logged the current serial number as 2013

Re: moving DNSSEC to a hidden master [SOLVED]

2013-10-14 Thread Alan Clegg
On Oct 14, 2013, at 9:12 PM, David Newman wrote:
> Thanks very much for your responses. Per my comments inline below,
> this actually wasn't broken to begin with, but I just wasn't seeing it.

8-) No problems.

> > So, I'm going to jump back a bit here If the configuration that
> > you post

Re: moving DNSSEC to a hidden master [SOLVED]

2013-10-14 Thread David Newman
Hi Alan,

Thanks very much for your responses. Per my comments inline below, this actually wasn't broken to begin with, but I just wasn't seeing it.

On 10/14/13 10:43 AM, Alan Clegg wrote:
>
> On Oct 13, 2013, at 9:03 PM, David Newman
> wrote:
>
>>

Re: moving DNSSEC to a hidden master

2013-10-14 Thread Alan Clegg
On Oct 14, 2013, at 7:43 PM, Alan Clegg wrote:
> == Commands typed ==
> root@server00:/etc/namedb# ls
> bind.keys keys master named.conf rndc.key
> root@server00:/etc/namedb# cd master
> root@server00:/etc/namedb/master# ls
> example.com example.com.jbk example.com.signed example.com.sign

Re: moving DNSSEC to a hidden master

2013-10-14 Thread Alan Clegg
On Oct 13, 2013, at 9:03 PM, David Newman wrote:
> >>> This is where things fall apart. I run 'rndc freeze' and
> >>> increment the zone file's serial number (or make any other
> >>> change), and then run 'rndc thaw' and 'rndc reload'.

So, I'm going to jump back a bit here If the configurat

Re: moving DNSSEC to a hidden master

2013-10-13 Thread David Newman
On 10/13/13 1:34 AM, Alan Clegg wrote:
>
> On Oct 12, 2013, at 7:59 PM, Alan Clegg wrote:
>
>>
>> On Oct 11, 2013, at 10:54 PM, David Newman
>> wrote:
>>
>>> 4. "Check that the new server is working and you can update the
>>> zone by using nsupda

Re: moving DNSSEC to a hidden master

2013-10-13 Thread Alan Clegg
On Oct 12, 2013, at 7:59 PM, Alan Clegg wrote:
>
> On Oct 11, 2013, at 10:54 PM, David Newman wrote:
>
>> 4. "Check that the new server is working and you can update
>> the zone by using nsupdate."
>>
>> This is where things fall apart. I run 'rndc freeze' and increment the
>> zone file's se

Re: moving DNSSEC to a hidden master

2013-10-12 Thread Alan Clegg
On Oct 11, 2013, at 10:54 PM, David Newman wrote:
> 4. "Check that the new server is working and you can update
> the zone by using nsupdate."
>
> This is where things fall apart. I run 'rndc freeze' and increment the
> zone file's serial number (or make any other change), and then run 'rndc
>

Re: moving DNSSEC to a hidden master

2013-10-11 Thread David Newman
On 10/4/13 10:23 AM, David Newman wrote:
> On 10/3/13 5:27 PM, Sten Carlsen wrote:
>> This works for me and is the standard method:
>>
>> rndc freeze
>> update serial
>> rndc thaw
>
> Bingo. Thanks!

Sorry, spoke too soon. I followed your instructions and Mark's but I'm not seeing the zone file se

Re: moving DNSSEC to a hidden master

2013-10-04 Thread David Newman
On 10/3/13 5:27 PM, Sten Carlsen wrote:
> This works for me and is the standard method:
>
> rndc freeze
> update serial
> rndc thaw

Bingo. Thanks!

dn

>
> Rndc freeze merges the .jnl files into the zone files and stops dynamic
> updates. Thaw allows dynamic updates to resume.
>
> On 04/10/13 0

Re: moving DNSSEC to a hidden master

2013-10-03 Thread Sten Carlsen
This works for me and is the standard method:

rndc freeze
update serial
rndc thaw

Rndc freeze merges the .jnl files into the zone files and stops dynamic updates. Thaw allows dynamic updates to resume.

On 04/10/13 02.12, David Newman wrote:
> Thanks all for your responses.
>
> On 10/1/13 6:42 PM

Re: moving DNSSEC to a hidden master

2013-10-03 Thread David Newman
Thanks all for your responses.

On 10/1/13 6:42 PM, Mark Andrews wrote:
> As Alan said copy the .key and .private files over.
>
> Disable updating on the old master.
>
> Transfer the zone contents by setting up as a slave
> using "masterfile-format text"; or by using dig.
> This will give y

Re: moving DNSSEC to a hidden master

2013-10-01 Thread Mark Andrews
As Alan said copy the .key and .private files over.

Disable updating on the old master.

Transfer the zone contents by setting up as a slave using "masterfile-format text"; or by using dig. This will give you the most up to date version of the zone.

dig axfr zone +onesoa @oldmaster

Re: moving DNSSEC to a hidden master

2013-10-01 Thread Alan Clegg
On Oct 1, 2013, at 9:04 PM, Sten Carlsen wrote:
>
> On 02/10/13 02.47, Alan Clegg wrote:
>> On Oct 1, 2013, at 8:27 PM, David Newman
>> wrote:
>>
>>
>>> On 10/1/13 2:16 PM, David Newman wrote:
>>> Is there a recommended order of operations when moving DNSSEC-enabled nameservers t

Re: moving DNSSEC to a hidden master

2013-10-01 Thread Sten Carlsen
On 02/10/13 02.47, Alan Clegg wrote:
> On Oct 1, 2013, at 8:27 PM, David Newman wrote:
>
>> On 10/1/13 2:16 PM, David Newman wrote:
>>> Is there a recommended order of operations when moving DNSSEC-enabled
>>> nameservers to a hidden-master setup?
>> Actually, this is really a more general questi

Re: moving DNSSEC to a hidden master

2013-10-01 Thread Alan Clegg
On Oct 1, 2013, at 8:27 PM, David Newman wrote:
> On 10/1/13 2:16 PM, David Newman wrote:
>> Is there a recommended order of operations when moving DNSSEC-enabled
>> nameservers to a hidden-master setup?
>
> Actually, this is really a more general question: Is there a recommended
> order of ope

Re: moving DNSSEC to a hidden master

2013-10-01 Thread David Newman
On 10/1/13 2:16 PM, David Newman wrote:
> Is there a recommended order of operations when moving DNSSEC-enabled
> nameservers to a hidden-master setup?

Actually, this is really a more general question: Is there a recommended order of operations when migrating zones between any two DNSSEC-enabled n

moving DNSSEC to a hidden master

2013-10-01 Thread David Newman
Is there a recommended order of operations when moving DNSSEC-enabled nameservers to a hidden-master setup? I'm hoping it's just as simple as moving all these files into place on the hidden master:

*.key
*.private
managed-keys.bind
*.jbk
*.jnl
*.signed
*.signed.jnl

If not, what do I need to do?