"rndc sign", "auto-dnssec maintain" and TYPE65534 record "stickyness"?

Phil Mayers p.mayers at imperial.ac.uk
Tue Nov 27 18:24:36 UTC 2012

On 27/11/12 09:13, Cathy Almond wrote:

> It's tricky to answer your questions since this was on BIND 9.7.0 which
> has been substantially updated between 9.7.0 and 9.7.7 (the CHANGES log
> of 9.7.7 might give you some clues).  But also of particular relevance
> to this would be the change in how automatic resigning is done when
> there's a key rollover.  It was blogged about here:
> https://www.isc.org/community/blog/201006/bind-972-and-and-automatic-dnssec-signing
> Hope this helps.

Thanks - that's a very helpful and relevant document.

It sounds like what I ran into was actually the *expected* behaviour for 
that version. That being the case, I'm puzzled why it didn't happen with 
previous two ZSK rollover I did.

However, given there have been extensive changes, I'll just re-test on 
the bench and write it off to experience.


More information about the bind-users mailing list