DNSKEY and RRSIG DNSKEY TTL values aren't changed after changing of zone's TTL

Александр Остапенко aleks.ostapenko.post at gmail.com
Mon Aug 15 08:06:57 UTC 2016


I'm using BIND 9.9.5.
My steps:

   1. Sign the zone using 1 ZSK and 2 KSKs:
      a) adding the "*auto-dnssec maintain;*" and "*inline-signing yes;*"
         directives to the zone section of named.conf;
      b) setting the publication and activation timestamps to the current
         time in the key files;
      c) *rndc reload*.
   2. Change TTL value in the zone file ($TTL 86400   ==>  $TTL 432000).
   3. Increase serial number in SOA record by 1.
   4. *rndc reload*.

After that, the DNSKEY and RRSIG DNSKEY records still have a TTL of 86400
(checked via *dig*).
What could be the reason for such behavior?

Kind regards,
Aleks Ostapenko
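
The check described in the message above, as an added example that is not part of the original post: it parses dig answer lines and lists every RRset, RRSIG, or RRSIG "original TTL" field whose TTL differs from the expected zone TTL. The zone name example.test, the record data, and the function names are constructed for illustration; query the authoritative server directly, because a caching resolver counts TTLs down.

```python
from collections import defaultdict

# Constructed sample in the format printed by `dig +noall +answer`;
# names, key tags and base64 data are placeholders, not real records.
SAMPLE = """\
example.test. 432000 IN SOA ns1.example.test. admin.example.test. 2016081502 3600 900 604800 3600
example.test. 432000 IN RRSIG SOA 8 2 432000 20160914080657 20160815070657 12345 example.test. c2lnMQ==
example.test. 432000 IN NS ns1.example.test.
example.test. 432000 IN RRSIG NS 8 2 432000 20160914080657 20160815070657 12345 example.test. c2lnMg==
example.test. 86400 IN DNSKEY 256 3 8 AwEAAXpzaw==
example.test. 86400 IN DNSKEY 257 3 8 AwEAAWtzazE=
example.test. 86400 IN RRSIG DNSKEY 8 2 86400 20160914080657 20160815070657 23456 example.test. c2lnMw==
"""

def rrset_ttls(dig_answer):
    """Map (owner, type, kind) -> set of TTLs seen.

    RRSIGs are filed under the type they cover. Their rdata also carries an
    "original TTL" field (fourth rdata field), recorded separately.
    """
    ttls = defaultdict(set)
    for line in dig_answer.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0].startswith(";"):
            continue  # blank line, comment, or not a resource record
        owner, ttl, rtype = fields[0].lower(), int(fields[1]), fields[3].upper()
        if rtype == "RRSIG" and len(fields) >= 8:
            covered = fields[4].upper()
            ttls[(owner, covered, "RRSIG")].add(ttl)
            ttls[(owner, covered, "RRSIG-original")].add(int(fields[7]))
        else:
            ttls[(owner, rtype, "RRset")].add(ttl)
    return ttls

def ttl_mismatches(dig_answer, expected_ttl):
    """Return sorted (owner, type, kind, ttl) tuples whose TTL != expected_ttl."""
    found = []
    for (owner, rtype, kind), seen in sorted(rrset_ttls(dig_answer).items()):
        found.extend((owner, rtype, kind, t) for t in sorted(seen) if t != expected_ttl)
    return found

if __name__ == "__main__":
    for owner, rtype, kind, ttl in ttl_mismatches(SAMPLE, 432000):
        print(f"{owner} {rtype} ({kind}): TTL {ttl}, expected 432000")
```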
