Skip to content

Misleading diagnostic in update_soa_serial indicates BIND will use increment but it doesn't

It seems to me there's a misleading (or inaccurate) diagnostic reported by BIND 9.17.11 configured with inline-signing:

zone "example" IN {
        type master;
        file "example";

        auto-dnssec maintain;
        inline-signing yes;
        serial-update-method date;
};

Upon launching named in the foreground (named -g) it reports the new serial would be lower than old serial, but I don't see that occurring.

Here named loads the unsigned zone with SOA serial 1:

14-May-2021 12:46:23.485 zone example/IN (unsigned): loaded serial 1
14-May-2021 12:42:33.648 zone example/IN (signed): loaded serial 1
14-May-2021 12:42:33.649 zone example/IN (signed): receive_secure_serial: unchanged
14-May-2021 12:42:33.649 zone example/IN (signed): reconfiguring zone keys
14-May-2021 12:42:33.655 zone example/IN (signed): next key event: 14-May-2021 13:42:33.649
14-May-2021 12:42:33.662 zone example/IN (signed): update_soa_serial:new serial would be lower than old serial, using increment method instead

Querying the SOA, I see a reasonable-looking SOA serial:

example.  86400 IN      SOA     localhost. jp. 2021051401 10800 3600 604800 3600

When the unsigned zone is loaded with serial 2021051483, the following diagnostic message is printed:

14-May-2021 12:44:41.265 zone example/IN (unsigned): loaded serial 2021051483
14-May-2021 12:44:41.266 zone example/IN (signed): loaded serial 2021051483
14-May-2021 12:44:41.267 zone example/IN (signed): receive_secure_serial: unchanged
14-May-2021 12:44:41.269 zone example/IN (signed): update_soa_serial:new serial would be lower than old serial, using increment method instead
14-May-2021 12:44:41.272 zone example/IN (signed): next key event: 14-May-2021 13:44:41.267
14-May-2021 12:44:41.279 zone example/IN (signed): update_soa_serial:new serial would be lower than old serial, using increment method instead

and querying that zone's SOA shows me:

example.  86400 IN      SOA     localhost. jp. 2021051485 10800 3600 604800 3600

In both cases the value I specified as SOA serial in the unsigned zone has been correctly set to a date.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information