DNSKEY and RRSIG DNSKEY TTL values aren't changed after changing of zone's TTL

Aleks Ostapenko aleks.ostapenko.post at gmail.com
Fri Sep 2 08:32:27 UTC 2016


 2016-08-31 19:50 GMT+07:00 Tony Finch <dot at dotat.at>:

> Aleks Ostapenko <aleks.ostapenko.post at gmail.com> wrote:
> >
> > Unfortunately, after
> >
> > 1. rndc freeze myzone
> > 2. named-compilezone -f raw -F text -o myzone.text myzone myzone.signed
> >     change TTL on DNSKEY and RRSIG DNSKEY in myzone.text
> >     named-compilezone -f text -F raw -o myzone.signed myzone myzone.text
> > 3. rndc thaw myzone
> >
> > TTL in DNSKEY and RRSIG DNSKEY records still have old values in signed zone
> > (checked via `dig` locally).
>
> Hmm :-(
>
> Does it work better if you increment the SOA serial number as well?
>
> Tony.
> --
> f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/  -  I xn--zr8h punycode
> Tyne, Dogger, Fisher, German Bight, Humber: Southwest, veering west, 4 or 5.
> Slight or moderate. Showers for a time. Good.
>


No - it does not help either.

So, it seems like there is no acceptable workaround for this issue for me.
In any case - thanks for the help.

I have reported a bug about this problem via
https://www.isc.org/community/report-bug


Kind regards,
Aleks Ostapenko
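
Added example, not part of the original messages and not BIND's own code: a small Python check that reads a text-format zone dump such as the myzone.text file from step 2 and lists DNSKEY and RRSIG DNSKEY records whose TTL differs from the expected value. It also reports the Original TTL field that each RRSIG carries inside its RDATA (RFC 4034), which editing the TTL column alone does not change. It assumes one record per line in the form owner, TTL, class, type, rdata; the function names and the sample records are constructed for illustration.

```python
# Added example; zone name, records and signatures are constructed samples.
SAMPLE_ZONE = """\
example.test. 300 IN SOA ns1.example.test. admin.example.test. 2016090201 3600 600 86400 300
example.test. 300 IN NS ns1.example.test.
example.test. 300 IN RRSIG NS 8 2 300 20160930000000 20160831000000 54321 example.test. c2lnMQ==
example.test. 3600 IN DNSKEY 257 3 8 Y29uc3RydWN0ZWQ=
example.test. 3600 IN RRSIG DNSKEY 8 2 3600 20160930000000 20160831000000 12345 example.test. c2lnMg==
"""


def dnskey_ttls(zone_text):
    """Return (owner, kind, rr_ttl, rrsig_original_ttl) for DNSKEY rows."""
    rows = []
    for line in zone_text.splitlines():
        fields = line.split()
        # Expect: owner TTL class type rdata...; skip comments and short lines.
        if len(fields) < 5 or fields[0].startswith(";") or not fields[1].isdigit():
            continue
        owner, ttl, rrtype = fields[0], int(fields[1]), fields[3]
        if rrtype == "DNSKEY":
            rows.append((owner, "DNSKEY", ttl, None))
        elif rrtype == "RRSIG" and fields[4] == "DNSKEY" and len(fields) >= 8:
            # RRSIG RDATA: type-covered algorithm labels original-TTL ...
            rows.append((owner, "RRSIG DNSKEY", ttl, int(fields[7])))
    return rows


def find_mismatches(zone_text, expected_ttl):
    """Rows whose RR TTL or RRSIG Original TTL differs from expected_ttl."""
    return [
        row for row in dnskey_ttls(zone_text)
        if row[2] != expected_ttl or (row[3] is not None and row[3] != expected_ttl)
    ]


if __name__ == "__main__":
    for owner, kind, ttl, orig in find_mismatches(SAMPLE_ZONE, 300):
        extra = "" if orig is None else f", original TTL field {orig}"
        print(f"{owner} {kind}: TTL {ttl}{extra}")
```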