Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.protocols.dns.bind > #57
| From | Torinthiel <torinthiel@data.pl> |
|---|---|
| Newsgroups | comp.protocols.dns.bind |
| Subject | Re: Resign a zone |
| Date | 2011-11-08 10:44 +0100 |
| Message-ID | <mailman.17.1320745508.68562.bind-users@lists.isc.org> (permalink) |
| References | <CANYqYkPEkKmZ9oknPLqcyX1dBsVJd2w0UKgBjTM0WFEEag8F0Q@mail.gmail.com> |
On 2011-11-08 10:34, rams wrote: > Hi , > I have signed zone and already i have resigned two times. Now again i > am resigning zone but after resign zone , RRSIG values are not changed. > the same old values displaying. Any wrong in me. Could you please guide > me how to change RRSIG values. There could be several issues with this, please give some more info. How are you signing your zone? dnssec-signzone? automatically using bind? Some other software? If you're using dnssec-signzone and pass it old signed zone data it regenerates signatures only if signature end time falls within a period defaulting to 1/4 signature valitity time (so with default signature period it's 7.5 days). If you re-sign your zone say 10 days in advance, it won't change old signatures. You can change it with -i. Other software probably behaves similarly. Also, if you're signing your zone off-line and upload it to bind, did you remember to change SOA and reload master? Regards, Torinthiel
Back to comp.protocols.dns.bind | Previous | Next | Find similar
Re: Resign a zone Torinthiel <torinthiel@data.pl> - 2011-11-08 10:44 +0100
csiph-web