Auto-dnssec maintain and 'continous' resigning
Phil Mayers
p.mayers at imperial.ac.uk
Tue Apr 2 08:11:17 UTC 2013
On 04/01/2013 07:36 PM, Carlos M. Martinez wrote:
> Reframing the question in more general terms... Which events trigger a
> zone re-sign and reload when using "auto-dnssec maintain" ?
As someone else has already said, zone updates, signature expiration and
key events.
In particular, it's normal for the SOA serial to constantly increase in
a zone with "auto-dnssec maintain", even if nothing else happens,
because the signatures will be regenerated every N days. N depends on
your config, but is 0.75 * default_sig_life (30 days) by default i.e.
signatures are generated every 22.5 days.
More information about the bind-users
mailing list