more flexible serial number handling in dnssec-signzone

Niobos niobos at dest-unreach.be
Fri Oct 15 17:54:08 UTC 2010


On 2010-10-15 19:38, Jay Ford wrote:
> I found myself in need of more flexibility in the way dnssec-signzone
> handled SOA serial numbers, so I hacked in a way to have the new serial
> number generated by calling strftime(3) with a user-specified time
> format.
I was on the verge of doing something similar myself a few months ago.
After some thinking, I abandoned using dates as serial. All my zones are
now dynamic, so BIND takes care of incrementing the serial at every
change, either via nsupdate or because of DNSSEC timing.

What's the advantage of using a date anyway? I too can see when a zone
was last edited, even down to the second, by watching the RRSIG(SOA) timing.

just my 2 cents,
Niobos




More information about the bind-users mailing list