Bind v9.9.7-P2 inline-signing hourly?
Jim Popovitch
jimpop at gmail.com
Sat Aug 22 11:38:20 UTC 2015
Hello!
Recently upgraded a master server to bind-9.9.7-P2, in order to take
advantage of automated inline signing as detailed here:
https://kb.isc.org/article/AA-00626/0/Inline-Signing-in-ISC-BIND-9.9.0-Examples.html
One thing I've noticed is that it appears that the zones are resigned
or checked every hour:
Aug 22 06:43:59 svr7 named[3507]: zone speedyiguana.com/IN (signed): reconfiguring zone keys
Aug 22 06:43:59 svr7 named[3507]: zone speedyiguana.com/IN (signed): next key event: 22-Aug-2015 07:43:59.648
[snip]
Aug 22 07:43:59 svr7 named[3507]: zone speedyiguana.com/IN (signed): reconfiguring zone keys
Aug 22 07:43:59 svr7 named[3507]: zone speedyiguana.com/IN (signed): next key event: 22-Aug-2015 08:43:59.648
[snip]
Aug 22 08:43:59 svr7 named[3507]: zone speedyiguana.com/IN (signed): reconfiguring zone keys
Aug 22 08:43:59 svr7 named[3507]: zone speedyiguana.com/IN (signed): next key event: 22-Aug-2015 09:43:59.648
Is the zone being signed every hour, or is it just a check? FWIW,
the .signed and .jnl are not being modified every hour, so I suspect
that log entry is just a periodic check.. but I'm not sure.
All in all, this inline signing is awesome compared to the alternative. :-)
-Jim P.