Hello, I have a multiple serve conf ispc3.2 I have 2 DNs server. ns1=master, ns2=secondary (managed with secondary dns zone panel) I face a difficulty with it : I have no idea on how to update signature and I didn't find it on google thank you for your help françoisPE
Just add and delete a random record. Signature will be updated on changes. Or resync dns records using the resync tool.
Hello, I try both, but, it had no impact ! Can I regeneate RRSIG and DNSKEY by any other way ? Remove it in bind9 folder for example ?
I see some blurred name beginning with ns2. Makes me wonder if it's a slave server? If so, isn't your problem the slave not updating? Then there may be a difference in the serial on master and slave server. There should NEVER be a difference. A difference means the slave is out of sync with the master. Your focus should then be on why the slave is not syncing.
Also, how do you sync master and slave DNS? Just asking to ensure you don't use mirroring in ISPConfig, which does not work with DNSSEC. You'l have to let BIND do the sync itself.
Yes, I run secondary zone and not mirroring It works for other zones on the same server I run dig @ns1.dom.fr test.academy DNSKEY +dnssec +multi dig @ns2.dom.fr test.academy DNSKEY +dnssec +multi it gives 2 different DNSKEY for that same zone ! so that on ns1, dnskey for key 4906 is not the same than the one on ns2 for same key !
Ok, so BIND must have an issue with syncing that zone. Check the primary zone settings and also the secondary record to ensure that everything is correct. E.g. check that the allow transfer to IP in the zone is correct. You can also try to set the IP of the secondary server as also notify IP and save, maybe this triggers the resync.
