BIND - in loop rewrite zone serial no.
dot at dotat.at
Tue Jan 28 12:31:57 UTC 2020
Milan Jeskynka Kazatel <KazatelM at seznam.cz> wrote:
> Why does Bind keep resign zone in a loop over and over in a few minutes?
It only signs a few records at a time to avoid eating all your CPU (my
server seems to average 53 records at a time, coincidentally). It spreads
out re-signing according to the sig-validity-interval: by default it takes
about 3 weeks to re-sign the zone completely. You can make it a sign in
bigger chunks to some extent by increasing sig-signing-signatures and
sig-signing-nodes, but there are other hard-coded parameters (related to
jitter on signature times) which make these options less effective than
you might expect.
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Forties, Cromarty, Forth: Cyclonic 4 to 6, becoming west 6 or 7, perhaps gale
8 later. Slight or moderate, becoming moderate or rough later. Occasional
showers. Good, occasionally moderate.
More information about the bind-users