fix(nslord): increase serial when securing zone

Until now, we did not increase the serial when securing a zone,
assuming that the zone was not on any slaves (nsmaster) yet.
Instead, we have been making sure that slaving starts by switching
the zone type from NATIVE to MASTER after securing with DNSSEC.

With 67a3737a97ac8e6d4d0815e76dea7318e44bfad5, if we hurry to
update the domain IP before this script has run, nsmaster will be
notified, and we can end up with an unsecured zone on the slave.
Once this script runs, the zone will remain unsecured on the slave
until the serial happens to increase.

This commit avoids the issue by forcing a serial increase. (There
remains a time window during the first minute of domain existence
during which we may be serving unsecured IP records.)
Peter Thomassen, 8 years ago
Parent
Commit
62f085a905
1 file changed, with 1 insertion and 1 deletion
  1. nslord/cronhook/secure-zones.sh (+1 -1)

+ 1 - 1
nslord/cronhook/secure-zones.sh

@@ -12,7 +12,7 @@ for ZONE in `echo "SELECT name FROM domains WHERE type = 'NATIVE' && id NOT IN(S
 	SALT=`head -c300 /dev/urandom | sha512sum | cut -b 1-16`
 	SALT=`head -c300 /dev/urandom | sha512sum | cut -b 1-16`
 
 
 	# Set up DNSSEC and switch zone type to MASTER
 	# Set up DNSSEC and switch zone type to MASTER
-	pdnsutil secure-zone $ZONE && pdnsutil set-nsec3 $ZONE "1 0 300 $SALT" && pdnsutil set-kind $ZONE MASTER
+	pdnsutil secure-zone $ZONE && pdnsutil set-nsec3 $ZONE "1 0 300 $SALT" && pdnsutil set-kind $ZONE MASTER && pdnsutil increase-serial $ZONE
 
 
 	# Take care of delegations
 	# Take care of delegations
 	if [ "$PARENT" == "dedyn.io" ]; then
 	if [ "$PARENT" == "dedyn.io" ]; then
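
Review bot: On the changed `pdnsutil` line, `increase-serial` sits at the end of the `&&` chain, so it is skipped without any message whenever `secure-zone`, `set-nsec3` or `set-kind` returns non-zero, and the visible lines do not report which step failed for which zone. Consider checking the exit status of the chain and logging the zone name on failure, so that a zone left half-configured or without the serial bump shows up in the cron output. The comment above the line still reads "Set up DNSSEC and switch zone type to MASTER"; it should also say that the serial is increased and why (so that a slave that already holds the unsigned zone picks up the signed one), since that reasoning currently lives only in the commit message. Separately, `$ZONE` is unquoted in all four `pdnsutil` calls; quoting it as `"$ZONE"` avoids word splitting and globbing on names read from the database.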