dnssec (re)signing and journaling

Edwardo Garcia wdgarc88 at gmail.com
Fri Dec 14 00:13:10 UTC 2018


Hi,
What is the best practice for signing/re-signing zones with a journal?

We manually re-sign our domain and use journaling; re-signing is a PIA.
If we forget to thaw, the zone bails and stays unloaded because of a journal
roll-forward error, which brings the question: why? Since the resolution to this
is to stop named, remove the journal file and restart, could named and rndc not be
smarter in these instances? Or at the very least, reload the zone from file so at
least it does not take unsuspecting people off air.

So, the way we (try to remember to) do it is:
(modify zonefile if need)
rndc freeze
dnssec-signzone  -options
rndc thaw

Or is there a better way? It is the freeze/thaw we keep forgetting :-!
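
The freeze / sign / thaw sequence above, wrapped so the thaw runs even when signing fails or is interrupted. This is an added example, not part of the original post; the function name `resign_zone`, the `RNDC`/`SIGNZONE` override variables and the exit codes are assumptions, and any dnssec-signzone options are passed through from the caller.

```shell
#!/bin/sh
# Added example: freeze / sign / thaw for one zone, with the thaw guaranteed.
# RNDC and SIGNZONE can be overridden (assumption: both default to the
# binaries on PATH) so the wrapper can be dry-run against stubs.
RNDC=${RNDC:-rndc}
SIGNZONE=${SIGNZONE:-dnssec-signzone}

# resign_zone ZONE ZONEFILE [dnssec-signzone options...]
# Exit status: the signer's status, 2 usage, 3 freeze failed, 4 thaw failed.
resign_zone() (
    if [ $# -lt 2 ] || [ ! -r "$2" ]; then
        echo "usage: resign_zone ZONE ZONEFILE [signzone options]" >&2
        exit 2
    fi
    zone=$1 zonefile=$2
    shift 2

    # Nothing has been changed yet, so a failed freeze needs no cleanup.
    "$RNDC" freeze "$zone" || exit 3

    # Interrupted while frozen (Ctrl-C, kill): thaw before leaving.
    trap '"$RNDC" thaw "$zone"; exit 130' INT TERM HUP

    # Caller-supplied options are passed through untouched; -o sets the origin.
    "$SIGNZONE" "$@" -o "$zone" "$zonefile" && rc=0 || rc=$?

    # Always thaw, whether signing worked or not, then report what happened.
    if ! "$RNDC" thaw "$zone"; then
        echo "resign_zone: thaw of $zone failed, zone is still frozen" >&2
        exit 4
    fi
    [ "$rc" -eq 0 ] || echo "resign_zone: signing $zone failed ($rc)" >&2
    exit "$rc"
)

# Run directly: ./resign.sh ZONE ZONEFILE [options]
if [ $# -ge 2 ]; then
    resign_zone "$@"
fi
```

A non-zero exit from a cron job or deploy step then tells you whether the zone was left frozen (4) or merely unsigned (the signer's own status).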