dnssec key events too often?
Sten Carlsen
stenc at s-carlsen.dk
Fri Jan 27 20:34:30 UTC 2017
Right, thank you so much. I now will look at logging to reduce the
clutter in the syslog since this does not call for any attention on my side.
Thanks.
On 27/01/2017 20:53, Mark Andrews wrote:
> In message <efe6ef1f-a24e-0000-340c-64de590e86f7 at s-carlsen.dk>, Sten Carlsen writes:
>> Hi all
>>
>> I have recently started using dnssec on my authoritative zones. I have
>> bind 9.9.4 (Centos7).
>>
>> I see for each zone:
>>
>> ...
>>
>> general: info: zone s-carlsen.dk/IN/external (signed): next key event: 26-Jan-2017 02:03:40.860: 1 Time
>> (s)
>> general: info: zone s-carlsen.dk/IN/external (signed): next key event: 26-Jan-2017 03:03:40.860: 1 Time
>> (s)
>> general: info: zone s-carlsen.dk/IN/external (signed): next key event: 26-Jan-2017 04:03:40.860: 1 Time
>> (s)
>> general: info: zone s-carlsen.dk/IN/external (signed): next key event: 26-Jan-2017 05:03:40.861: 1 Time
>> (s)
>>
>> ...
>>
>> This happens every hour, I think this is probably way too often? Access to the name in question is probably
>> a few times pr. day.
>>
>> The only reasonable conclusion is that I have done something stupid or not done the right thing.
>>
>> Question: what stupid thing might I have done (how to fix?) or what did
>> I miss to do?
> Nothing. You have key management in automatic mode and named needs
> to periodically check if you have created new keys or changed the
> timers of existing keys or removed a old key.
>
> Mark
>
>> --
>> Best regards
>>
>> Sten Carlsen
>>
>> No improvements come from shouting:
>>
>> "MALE BOVINE MANURE!!!"
>>
>>
--
Best regards
Sten Carlsen
No improvements come from shouting:
"MALE BOVINE MANURE!!!"
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20170127/ab73e547/attachment.html>
More information about the bind-users
mailing list