RRSIG query

Matthew Pounsett matt at conundrum.com
Tue Apr 10 16:28:00 UTC 2018


On 10 April 2018 at 12:05, rams <bramesh80 at gmail.com> wrote:

> Hi
> Greetings!!!!!!
> We have 1 million signed zone records in BIND. My zone is going to
> auto-resign after 3 days. If we change the RRSIG expire date to greater than
> two months from now, then if we restart BIND, can we avoid auto-resign in this
> week? Is there any impact on resolution, or is my zone valid? What would we
> need to do to make my zone valid after changing the RRSIG expire date
> value manually? Do we need to change any other values along with the RRSIG
> expire value? Kindly look into this.
>
>
The details of your configuration are probably important here.  It'll be
difficult to give a clear, simple answer without that information.

However, if you have RRSIGs expiring this week then one of two things will
happen:  either they will be resigned this week, or your zone will go
bogus.  If you have RRSIGs expiring and you manage to delay the next
re-sign out beyond that date, then the signatures you have currently will
expire.  If you simply change the signature lifetime (and you have RRSIGs
expiring this week) then after your re-sign happens the new RRSIGs will
have the new signature lifetime, which would delay the need for the _next_
re-sign.
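
Added example, not part of the original message or of BIND: a check that reads RRSIG records in presentation format, one per line as dig prints them, and reports which signatures would expire before a planned re-sign date. The zone name, key tag, dates and signature bytes are constructed sample values.

```python
from datetime import datetime, timezone

# Constructed sample: two signatures expire on 13 April 2018, one on 10 June 2018.
SAMPLE = """\
example.com.      3600 IN RRSIG SOA 8 2 3600 20180413120000 20180314120000 12345 example.com. c2FtcGxl
www.example.com.  3600 IN RRSIG A 8 3 3600 20180413120000 20180314120000 12345 example.com. c2FtcGxl
mail.example.com. 3600 IN RRSIG A 8 3 3600 20180610120000 20180410120000 12345 example.com. c2FtcGxl
"""

def parse_rrsig_time(field):
    """RFC 4034 time field: YYYYMMDDHHmmSS (UTC) or seconds since the epoch."""
    if len(field) == 14:
        return datetime.strptime(field, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)
    return datetime.fromtimestamp(int(field), tz=timezone.utc)

def parse_rrsigs(zone_text):
    """Yield (owner, type_covered, inception, expiration) per RRSIG line."""
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop trailing comments
        if "RRSIG" not in fields:
            continue
        i = fields.index("RRSIG")
        # RDATA order: type-covered algorithm labels orig-ttl
        #              expiration inception key-tag signer signature
        if len(fields) < i + 10:
            continue                             # truncated record, skip it
        yield (fields[0], fields[i + 1],
               parse_rrsig_time(fields[i + 6]), parse_rrsig_time(fields[i + 5]))

def classify(zone_text, now, next_resign):
    """Map (owner, type) to 'ok', 'invalid-now' or 'expires-before-resign'."""
    report = {}
    for owner, covered, inception, expiration in parse_rrsigs(zone_text):
        if not (inception <= now <= expiration):
            state = "invalid-now"                # validators treat this as bogus
        elif expiration < next_resign:
            state = "expires-before-resign"      # goes bogus if re-sign is delayed
        else:
            state = "ok"
        report[(owner, covered)] = state
    return report

if __name__ == "__main__":
    now = datetime(2018, 4, 10, 16, 28, tzinfo=timezone.utc)
    delayed_resign = datetime(2018, 4, 20, tzinfo=timezone.utc)
    for key, state in sorted(classify(SAMPLE, now, delayed_resign).items()):
        print(key, state)
```
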