RickWaukCo wrote:
> I'm trying to make a change to our internal master DNS server that
> serves our internal DNS. A change was made to the zone file. The
> serial number was updated. named was stopped and restarted. However,
> when I go to check the change, it didn't take effect.
>
> Here's the top of the zone file:
>
> **********
> $TTL 86400
> @ IN SOA dns.waukeshacounty.gov. root.dns.waukeshacounty.gov. (
> 2006110302 ; Serial Number (yyyymmddnn)
> 7200 ; Refresh Time - 2 Hours
> 1800 ; Retry Interval - 30 Minutes
> 1209600 ; Expire Interval - 2 Weeks
> 86400) ; TTL - 1 day
> **********
>
> However, when I run this dig command against the master:
>
> **********
> dig soa waukeshacounty.gov @10.100.0.5
> **********
>
> It responds with the following:
>
> **********
> ; <<>> DiG 9.2.0 <<>> soa waukeshacounty.gov @10.100.0.5
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21260
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
>
> ;; QUESTION SECTION:
> ;waukeshacounty.gov. IN SOA
>
> ;; ANSWER SECTION:
> waukeshacounty.gov. 86400 IN SOA dns.waukeshacounty.gov. root.dns.waukeshacounty.gov. 200611013 7200 1800 1209600 86400
>
> ;; AUTHORITY SECTION:
> waukeshacounty.gov. 86400 IN NS dns.waukeshacounty.gov.
> waukeshacounty.gov. 86400 IN NS dns10.waukeshacounty.gov.
>
> ;; ADDITIONAL SECTION:
> dns.waukeshacounty.gov. 86400 IN A 10.100.0.5
> dns10.waukeshacounty.gov. 86400 IN A 10.100.0.10
>
> ;; Query time: 0 msec
> ;; SERVER: 10.100.0.5#53(10.100.0.5)
> ;; WHEN: Fri Nov 3 15:38:22 2006
> ;; MSG SIZE rcvd: 147
> **********
>
> Notice how the serial number in the dig response is older than the
> serial number in the zone file.
>
> I have checked the bind logs and don't see anything in there to
> indicate any problems with the zone file, but I'm guessing there is a
> problem.
>
> Any ideas? Am I right in that it's probably a typo in the zone file?
> What's the easiest way to find the error? My zone file is huge (~1200
> lines) and I'm not the one who typically makes changes to it so it's
> hard to say where the typo might be if there is one.
>

My first thought was that you had "wrapped" the serial number, since the
new one is 10 digits and the old one is only 9 digits (was that
intentional?). But a brief review of RFC 1982 leads me to believe that
since the increment stayed under 2147483647 you should be OK (others are
welcome to check my math on that).

The only other thing that comes immediately to mind is if Dynamic Update
(i.e. "allow-update") is enabled for the zone. If that's the case and
you didn't take steps to prevent it, named might have overwritten your
manual changes with a journal merge.


- Kevin
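Kevin's RFC 1982 reasoning, carried through in code. This is an added example and not part of the thread: the two SOA texts below are constructed from the values quoted in the post, and the helper names (`serial_compare`, `soa_serial`, `check_serial_bump`) are my own, not BIND's. It implements the serial arithmetic from RFC 1982 sections 3.1 and 3.2 (additions limited to 2^31 - 1, comparison undefined when two serials differ by exactly 2^31) and confirms that the 9-digit to 10-digit jump in the post is a valid increment, so the stale answer from the master is not a wrap problem.

```python
"""RFC 1982 serial-number arithmetic applied to the SOA serials in the thread."""
import re

SERIAL_BITS = 32
MODULUS = 1 << SERIAL_BITS       # 2**32
HALF = 1 << (SERIAL_BITS - 1)    # 2**31 = 2147483648


def serial_add(serial: int, increment: int) -> int:
    """RFC 1982 section 3.1: add n to a serial, where 0 <= n <= 2**31 - 1."""
    if not 0 <= increment <= HALF - 1:
        raise ValueError("increment must be in [0, 2**31 - 1]")
    return (serial + increment) % MODULUS


def serial_compare(a: int, b: int):
    """RFC 1982 section 3.2: -1 if a < b, 1 if a > b, 0 if equal,
    None when the comparison is undefined (|a - b| == 2**31)."""
    if not (0 <= a < MODULUS and 0 <= b < MODULUS):
        raise ValueError("serials must fit in 32 bits")
    if a == b:
        return 0
    if (a < b and b - a < HALF) or (a > b and a - b > HALF):
        return -1
    if (a < b and b - a > HALF) or (a > b and a - b < HALF):
        return 1
    return None


def soa_serial(text: str) -> int:
    """Extract the serial from SOA text in zone-file or dig-output form.
    Strips ';' comments and the parentheses of the multi-line zone form,
    then takes the third token after 'SOA' (MNAME, RNAME, serial)."""
    cleaned = " ".join(re.sub(r";.*", "", line) for line in text.splitlines())
    tokens = cleaned.replace("(", " ").replace(")", " ").split()
    return int(tokens[tokens.index("SOA") + 3])


def check_serial_bump(zone_text: str, served_text: str) -> dict:
    """Compare the serial on disk with the serial a server answers with.
    'file_is_newer' True means the server has simply not loaded the file;
    None means the two serials are 2**31 apart and RFC 1982 cannot order them."""
    on_disk, served = soa_serial(zone_text), soa_serial(served_text)
    rel = serial_compare(on_disk, served)
    return {
        "file_serial": on_disk,
        "served_serial": served,
        "file_is_newer": None if rel is None else rel == 1,
    }


# Constructed from the values quoted in the post (not copied from any live zone).
ZONE_FILE_SOA = """\
$TTL 86400
@ IN SOA dns.waukeshacounty.gov. root.dns.waukeshacounty.gov. (
2006110302 ; Serial Number (yyyymmddnn)
7200 ; Refresh Time - 2 Hours
1800 ; Retry Interval - 30 Minutes
1209600 ; Expire Interval - 2 Weeks
86400) ; TTL - 1 day
"""

DIG_ANSWER = """\
;; ANSWER SECTION:
waukeshacounty.gov. 86400 IN SOA dns.waukeshacounty.gov. root.dns.waukeshacounty.gov. 200611013 7200 1800 1209600 86400
"""

if __name__ == "__main__":
    result = check_serial_bump(ZONE_FILE_SOA, DIG_ANSWER)
    print(result)
    # The 9-to-10 digit jump is an increment of 1805499289, below 2**31 - 1.
    print("increment:", result["file_serial"] - result["served_serial"])
    # Wrap-around: 5 is "newer" than 4294967295 under serial arithmetic.
    print("compare(5, 2**32-1):", serial_compare(5, MODULUS - 1))
```

If `file_is_newer` comes back True, serial arithmetic is not the issue and the master has not loaded the new file; that points at a zone-file parse problem or at a journal (dynamic update) overriding the edit, which is where Kevin's second suggestion comes in.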