How to reset or lower the serial used in BIND DNS server’s SOA record

bindconfigurationdns

I use BIND as my DNS server at home. For my Start Of Authority (SOA record) I always use a serial in the recommended format

YYYYMMDD##

where ## is the counter for changes on that day.

Unfortunately I changed the serial and added 1 more digit by mistake.
After updating the name-daemon, I couldn't revert this anymore.

Is there a possible way to reset the serial / counter inside BIND's internal libraries?

Best Answer

"BIND's internal libraries" don't care what the serial number is. It's only agreement between the master server and slave servers that matters. In other words, BIND will happily let you decrease the serial number in a zone file without complaint.. It's just that the slaves would no longer receive updates.

Zone file serial numbers are unsigned 32-bit integers and they wrap around the largest possible 32-bit unsigned integer. So there is a way to decrease the serial number by incrementing it repeatedly until it rolls over and becomes closer to zero. There is a maximum amount by which you can increment it at a time, so you have to do this iteratively in multiple steps:

Increase the serial number by a large increment but no more than 2147483647
Wait for all of the slave servers to catch up and be up to date with the current SOA.
Repeat

You can always pick an increment such that you don't need to iterate more than twice.

Follow this HOWTO.

Related Solutions

Expose “easy” URL’s for machines on a home network. Is custom DNS/BIND the answer

First, yes, you need your own nameserver for that and bind is as good as any. Maybe a little harder to get into at first, but there are enough examples and tutorials on the internet. The advantage with bind is, that you probably won't ever miss a feature.

I suppose you are using DHCP to provide all your clients with IP Adresses and such. One of the options you can provide via DHCP is the search domain (not sure on the precise naming). Computers store this information and whenever a computer cannot resolve a name for instance movies it appends the search domain, for example home.sweet.home.org and tries again with the full name movies.home.sweet.home.org. Using your own nameserver and DHCP allows you to use short names, if that's what you're looking for.

However, you may run into problems as bind will not resolve names to a combination of ip and port. If you can't separate your web interfaces via virtual hosts (if you're using apache) you may need to give your media server multiple IPs and have those services listen on different IPs.

How to increment serial number in bind9 dns zone

You can do however you please, the only thing you must make sure is that the new serial number is greater than the old one.

Having said that, I would recommend a timestamp based approach following a scheme like:

 YYYYMMDDxx

where xx starts at 00 and is incremented for all edits on that specific day (when editing on another day, you reset xx to 00)

The main advantage of this scheme is, that you also know the date of the last modification of your zone-file at first glance.

It also makes the serial number incrementing more robust.

The alternative is to start with 1 and just increment whenever you edit the file.

If the serial number is already timestamp based (and 2015040500 looks very much like that), you shold probably stick with that decision (even if not made by you), and use the logical successor 2015042200

Best Answer

Related Solutions

Expose “easy” URL’s for machines on a home network. Is custom DNS/BIND the answer

How to increment serial number in bind9 dns zone

Related Question