inline signed zone journal goes out of sync if zone is modified when restarting bind9
Summary
When restarting bind9, it seems to be easy for inline signed zones to go out of sync with their journal. Note, the issue does not happen when reloading bind9.
BIND version used
Debian buster-backports package version 1:9.16.15-1~bpo10+1
Steps to reproduce
- configure some inline signed zone. Mine are master zones with a dnssec-policy applied.
- start bind (using /etc/init.d/named start)
- edit the zone file
- restart bind (using /etc/init.d/named restart)
- the modified zone fails to load:
zone test.lespinasse.org/IN/public (unsigned): journal rollforward failed: journal out of sync with zone
zone test.lespinasse.org/IN/public (unsigned): not loaded due to errors.
Note, everything works fine if one reloads bind (using etc/init.d/named reload, or just rndc reload). Also, the server restats without issue if one edits the zone file, reloads bind to sync up the journal, and then issues the restart.
What is the current bug behavior?
any edited zone fails to load when the server is restarted, without having been reloaded first.
What is the expected correct behavior?
reload and restart should both pick up the current zone file.
Relevant configuration files
Relevant logs and/or screenshots
I think I covered the basics; I can provide more details on request.