DNSKEY and RRSIG DNSKEY TTL values aren't changed after changing of zone's TTL
Aleks Ostapenko
aleks.ostapenko.post at gmail.com
Fri Sep 2 08:32:27 UTC 2016
2016-08-31 19:50 GMT+07:00 Tony Finch <dot at dotat.at>:
> Aleks Ostapenko <aleks.ostapenko.post at gmail.com> wrote:
> >
> > Unfortunately, after
> >
> > 1. rndc freeze myzone
> > 2. named-comilezone -f raw -F text -o myzone.text myzone myzone.signed
> > change TTL on DNSKEY and RRSIG DNSKEY in myzone.text
> > named-comilezone -f text -F raw -o myzone.signed myzone myzone.text
> > 3. rndc thaw myzone
> >
> > TTL in DNSKEY and RRSIG DNSKEY records still have old values in signed
> zone
> > (checked via `dig` locally).
>
> Hmm :-(
>
> Does it work better if you increment the SOA serial number as well?
>
> Tony.
> --
> f.anthony.n.finch <dot at dotat.at> http://dotat.at/ - I xn--zr8h
> punycode
> Tyne, Dogger, Fisher, German Bight, Humber: Southwest, veering west, 4 or
> 5.
> Slight or moderate. Showers for a time. Good.
>
No - it does not help too.
So, It seems like there is no acceptable workaround in this issue for me.
In any case - thanks for help.
About this problem I have reported a bug via
https://www.isc.org/community/report-bug
Kind regards,
Aleks Ostapenko
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20160902/88471267/attachment.html>
More information about the bind-users
mailing list