SYSTEM INFORMATION | |
---|---|
OS type and version | Debian 12 / Ubuntu 22.04 |
Virtualmin version | 7.30.8 |
BIND version | 9.18.33 / 9.18.30 |
So I’ve been having an issue with zone serial rollbacks after SSL renewals (wildcards): it will increment the serial several times, and somehow ends up dropping back after the renewal completes. So if the serial is 2025030100 and a renewal takes place, it will increment to 2025050100, and the logs will show several increments as the renewal is taking place to 2025050101, 2025050102, 2025050103, 2025050104, 2025050105 and stop.
However, it ends up dropping back down to 2025050100 and I’m not sure why.
I know the zone file is writable because it is updated to the 2025050100, though I’m unsure if it actually got decremented or if it just stopped being updated after that first increment.
Now the confusing bit: if I query the server, it shows the serial as 2025050105, but the zone file shows 2025050100 and there is no .jnl file to be seen. So, if I restart the system or BIND I assume it will just reload the 2025050100 serial.
Before today’s occurrence, I also had errors in the logs about the serial going backwards on the master server, and a notice during notify attempts on the slave server that the serial was less than our current one and wouldn’t accept the transfer. These errors haven’t shown up this time (it was immediate after the first several increments) and I’m not sure if that’s just because nothing has caused BIND to restart/reload or that BIND is somehow using an in-memory journal of sorts that needs to be flushed to file but can’t be?
Does anybody know what is going on here? I want to attempt an rndc sync but I’m not sure if that will help without any actual .jnl files to be synced with…