Auto-dnssec maintain and 'continuous' resigning

Phil Mayers p.mayers at imperial.ac.uk
Tue Apr 2 08:11:17 UTC 2013


On 04/01/2013 07:36 PM, Carlos M. Martinez wrote:
> Reframing the question in more general terms... Which events trigger a
> zone re-sign and reload when using "auto-dnssec maintain" ?

As someone else has already said, zone updates, signature expiration and 
key events.

In particular, it's normal for the SOA serial to constantly increase in 
a zone with "auto-dnssec maintain", even if nothing else happens, 
because the signatures will be regenerated every N days. N depends on 
your config, but is 0.75 * default_sig_life (30 days) by default, i.e. 
signatures are generated every 22.5 days.
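
Added example, not part of the original post and not BIND's own code: a small check that applies the 0.75 rule above to RRSIG records and flags signatures that should already have been regenerated, which would suggest that automatic re-signing has stalled. It treats expiration minus inception as the signature lifetime (an assumption that ignores any inception backdating or jitter the signer applies); the sample records and the names audit, classify and parse_rrsigs are constructed for illustration.

```python
from datetime import datetime, timezone

# Fraction of the signature lifetime after which re-signing is expected
# (0.75 as stated in the post above).
RESIGN_FRACTION = 0.75

# Constructed sample RRSIG records in presentation format (not real data).
# Fields: owner TTL class RRSIG covered alg labels origTTL expiration inception keytag signer sig
SAMPLE = """\
example.test. 3600 IN RRSIG SOA 8 2 3600 20130502080000 20130402080000 12345 example.test. c2lnMQ==
example.test. 3600 IN RRSIG NS 8 2 3600 20130410080000 20130311080000 12345 example.test. c2lnMg==
www.example.test. 3600 IN RRSIG A 8 3 3600 20130401080000 20130302080000 12345 example.test. c2lnMw==
"""

def parse_ts(s):
    """Parse an RRSIG YYYYMMDDHHMMSS timestamp (always UTC)."""
    return datetime.strptime(s, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def parse_rrsigs(text):
    """Yield (owner, covered type, inception, expiration) for each RRSIG line."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 13 or f[3].upper() != "RRSIG":
            continue  # skip non-RRSIG or truncated lines
        yield f[0], f[4], parse_ts(f[9]), parse_ts(f[8])

def classify(inception, expiration, now):
    """Return (status, resign_due) for one signature."""
    lifetime = expiration - inception          # assumed signature lifetime
    resign_due = inception + lifetime * RESIGN_FRACTION
    if now >= expiration:
        return "EXPIRED", resign_due           # validators will reject this
    if now >= resign_due:
        return "OVERDUE", resign_due           # should have been regenerated
    return "OK", resign_due

def audit(text, now):
    """Return [(owner, covered type, status, resign_due), ...] for all RRSIGs."""
    return [(owner, rtype, *classify(inc, exp, now))
            for owner, rtype, inc, exp in parse_rrsigs(text)]

if __name__ == "__main__":
    now = datetime(2013, 4, 5, 8, 0, 0, tzinfo=timezone.utc)  # constructed "current" time
    for owner, rtype, status, due in audit(SAMPLE, now):
        print(f"{status:8} {owner} {rtype} re-sign due {due:%Y-%m-%d %H:%M}Z")
```

An OVERDUE or EXPIRED result on a zone that is supposed to be maintained automatically is the condition worth alerting on.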


More information about the bind-users mailing list