Misleading diagnostic in update_soa_serial indicates BIND will use increment but it doesn't
It seems to me there's a misleading (or inaccurate) diagnostic reported by BIND 9.17.11 configured with inline-signing:
zone "example" IN {
type master;
file "example";
auto-dnssec maintain;
inline-signing yes;
serial-update-method date;
};
Upon launching named in the foreground (named -g
) it reports the new serial would be lower than old serial, but I don't see that occurring.
Here named loads the unsigned zone with SOA serial 1
:
14-May-2021 12:46:23.485 zone example/IN (unsigned): loaded serial 1
14-May-2021 12:42:33.648 zone example/IN (signed): loaded serial 1
14-May-2021 12:42:33.649 zone example/IN (signed): receive_secure_serial: unchanged
14-May-2021 12:42:33.649 zone example/IN (signed): reconfiguring zone keys
14-May-2021 12:42:33.655 zone example/IN (signed): next key event: 14-May-2021 13:42:33.649
14-May-2021 12:42:33.662 zone example/IN (signed): update_soa_serial:new serial would be lower than old serial, using increment method instead
Querying the SOA, I see a reasonable-looking SOA serial:
example. 86400 IN SOA localhost. jp. 2021051401 10800 3600 604800 3600
When the unsigned zone is loaded with serial 2021051483
, the following diagnostic message is printed:
14-May-2021 12:44:41.265 zone example/IN (unsigned): loaded serial 2021051483
14-May-2021 12:44:41.266 zone example/IN (signed): loaded serial 2021051483
14-May-2021 12:44:41.267 zone example/IN (signed): receive_secure_serial: unchanged
14-May-2021 12:44:41.269 zone example/IN (signed): update_soa_serial:new serial would be lower than old serial, using increment method instead
14-May-2021 12:44:41.272 zone example/IN (signed): next key event: 14-May-2021 13:44:41.267
14-May-2021 12:44:41.279 zone example/IN (signed): update_soa_serial:new serial would be lower than old serial, using increment method instead
and querying that zone's SOA shows me:
example. 86400 IN SOA localhost. jp. 2021051485 10800 3600 604800 3600
In both cases the value I specified as SOA serial in the unsigned zone has been correctly set to a date.