Automatic RRSIG Refresh in BIND 9.8.2

Latitude arlendelcastillo at
Wed Jun 14 18:14:23 UTC 2017

Due to customer requirements, I'm deploying BIND 9.8.2 on RHEL 6.8 and can
neither upgrade BIND to a newer version or upgrade to RHEL 7. I have
successfully configured a master and slave DNS server, DNSSEC, with
Transaction Signatures, and have performed a successful manual zone update,
incremented the serial number, resigned the zone, and completed a zone
transfer of a DNSSEC-signed zone file for which the master server is

I have read in Michael W. Lucas' DNSSEC Mastery book that BIND 9.9 and newer
can automatically sign zones and refresh signatures (RRSIGs), but older
versions cannot (p. 53). Unfortunately, I have to use BIND 9.8.2. Manually
efreshing RRSIGs for all zones his is quite a task to refresh signatures if
the client requires RRSIGs to be renewed once per 7 days. Is it possible to
automatically refresh RRSIGs in BIND 9.8.2 by any means automatically?

View this message in context:
Sent from the Bind-Users forum mailing list archive at

More information about the bind-users mailing list