desec-io / desec-stack

Backbone of the deSEC Free Secure DNS Hosting Service
https://desec.io/
MIT License

replication: include DNSKEY in the replication state variable (not only SOA serial) #418

Open peterthomassen opened 4 years ago

peterthomassen commented 4 years ago

If a zone with a high serial (~ "made a few changes today") is deleted and recreated quickly, the SOA serial on the primary can end up being lower than or equal to the one on the secondary nameservers. This may obstruct replication, and the zone is stuck publicly with an old DNSKEY.

To make this work correctly, also trigger replication whenever DNSKEY has changed (i.e. include it in a hash along with the serial, or something like that).

peterthomassen commented 4 years ago

Also, consider using https://doc.powerdns.com/authoritative/settings.html#axfr-lower-serial
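
A sketch of the "hash along with the serial" idea from the first comment, added here as an example and not taken from desec-stack: the function names, the serial-only comparison and the sample zone data are assumptions made for illustration.

```python
import hashlib

def canonical_dnskey(rdata):
    """Normalize DNSKEY presentation format: '<flags> <protocol> <algorithm> <base64...>'."""
    flags, protocol, algorithm, *key = rdata.split()
    if not key:
        raise ValueError(f"DNSKEY rdata has no key material: {rdata!r}")
    # The base64 part may be split by whitespace; join it so formatting does not matter.
    return f"{int(flags)} {int(protocol)} {int(algorithm)} {''.join(key)}"

def replication_state(serial, dnskeys):
    """Hash over the SOA serial and the DNSKEY RRset (order-independent)."""
    h = hashlib.sha256()
    h.update(f"{int(serial)}\n".encode())
    for rr in sorted({canonical_dnskey(k) for k in dnskeys}):
        h.update(rr.encode() + b"\n")
    return h.hexdigest()

def serial_only_needs_sync(primary_serial, secondary_serial):
    """Simplified model of a serial-only trigger (assumption; no RFC 1982 wraparound)."""
    return primary_serial > secondary_serial

def needs_sync(primary, secondary):
    """primary / secondary are (serial, [dnskey rdata, ...]) tuples."""
    return replication_state(*primary) != replication_state(*secondary)

# Constructed sample data; the key strings are placeholders, not real keys.
OLD_ZONE = (2021030507, ["257 3 13 b2xkLWtleS1wbGFjZWhvbGRlcg=="])   # state held by a secondary
RECREATED = (2021030501, ["257 3 13 bmV3LWtleS1wbGFjZWhvbGRlcg=="])  # zone deleted and recreated

if __name__ == "__main__":
    # The recreated zone has a lower serial, so a serial-only check sees nothing to do.
    print("serial only:    ", serial_only_needs_sync(RECREATED[0], OLD_ZONE[0]))
    # Including the DNSKEY set in the state makes the key change visible.
    print("serial + DNSKEY:", needs_sync(RECREATED, OLD_ZONE))
```

Comparing the state for inequality rather than ordering is what lets a lower or equal serial with a new key still trigger replication.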