BIND - in loop rewrite zone serial no.

Tony Finch dot at
Tue Jan 28 12:31:57 UTC 2020

Milan Jeskynka Kazatel <KazatelM at> wrote:
> Why does Bind keep resign zone in a loop over and over in a few minutes?

It only signs a few records at a time to avoid eating all your CPU (my
server seems to average 53 records at a time, coincidentally). It spreads
out re-signing according to the sig-validity-interval: by default it takes
about 3 weeks to re-sign the zone completely. You can make it a sign in
bigger chunks to some extent by increasing sig-signing-signatures and
sig-signing-nodes, but there are other hard-coded parameters (related to
jitter on signature times) which make these options less effective than
you might expect.

f.anthony.n.finch  <dot at>
Forties, Cromarty, Forth: Cyclonic 4 to 6, becoming west 6 or 7, perhaps gale
8 later. Slight or moderate, becoming moderate or rough later. Occasional
showers. Good, occasionally moderate.

More information about the bind-users mailing list