BIND - in loop rewrite zone serial no.

Milan Jeskynka Kazatel KazatelM at seznam.cz
Tue Jan 28 15:49:05 UTC 2020


Hello Tony,

thank you for the response,

If I understand correctly, BIND should have an option to specify how many 
records could be signed at the same time. Then in the zone with 250 records 
it should be 3 times in a row - as you mentioned: "53 records at a time" 
if it could be the number of records which can be handled at the same time.

Then how can I re-sign the whole zone in one step? Which config 
option should be affected?

Best regards, 
-- 
Smil Milan Jeskyňka Kazatel

---------- Original e-mail ----------
From: Tony Finch <dot at dotat.at>
To: Milan Jeskynka Kazatel <KazatelM at seznam.cz>
Date: 28. 1. 2020 13:34:33
Subject: Re: BIND - in loop rewrite zone serial no. 
"Milan Jeskynka Kazatel <KazatelM at seznam.cz> wrote: 
> 
> Why does Bind keep resign zone in a loop over and over in a few minutes? 

It only signs a few records at a time to avoid eating all your CPU (my 
server seems to average 53 records at a time, coincidentally). It spreads 
out re-signing according to the sig-validity-interval: by default it takes 
about 3 weeks to re-sign the zone completely. You can make it sign in 
bigger chunks to some extent by increasing sig-signing-signatures and 
sig-signing-nodes, but there are other hard-coded parameters (related to 
jitter on signature times) which make these options less effective than 
you might expect. 

Tony. 
-- 
f.anthony.n.finch <dot at dotat.at> http://dotat.at/ 
Forties, Cromarty, Forth: Cyclonic 4 to 6, becoming west 6 or 7, perhaps 
gale 8 later. Slight or moderate, becoming moderate or rough later. 
Occasional showers. Good, occasionally moderate. 
"
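
Added example (not part of the original thread, and not BIND code): a Python sketch that reads RRSIG records in `dig` presentation format and shows how signature expiration times are spread across days, which is the visible result of the incremental re-signing described in the quoted reply. The records are constructed, and the 7.5-day re-sign window passed to `due_for_resign` is an assumed value.

```python
from collections import Counter
from datetime import datetime, timezone

# Constructed sample in `dig` presentation format (signatures shortened).
SAMPLE = """\
example.test.      3600 IN RRSIG SOA  13 2 3600 20200225101500 20200126091500 12345 example.test. c2ln
www.example.test.  3600 IN RRSIG A    13 3 3600 20200219034211 20200120024211 12345 example.test. c2ln
mail.example.test. 3600 IN RRSIG A    13 3 3600 20200219051902 20200120041902 12345 example.test. c2ln
ftp.example.test.  3600 IN RRSIG AAAA 13 3 3600 20200211224530 20200112214530 12345 example.test. c2ln
ns1.example.test.  3600 IN RRSIG A    13 3 3600 20200203120000 20200104110000 12345 example.test. c2ln
www.example.test.  3600 IN A 192.0.2.10
"""

def _ts(field):
    # RRSIG times are printed as YYYYMMDDHHMMSS in UTC.
    return datetime.strptime(field, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def parse_rrsigs(text):
    """Return (owner, covered_type, expiration) for each RRSIG line; skip the rest."""
    sigs = []
    for line in text.splitlines():
        f = line.split()
        # owner ttl class RRSIG covered alg labels origttl expiration inception tag signer sig
        if len(f) >= 13 and f[3].upper() == "RRSIG":
            sigs.append((f[0], f[4], _ts(f[8])))
    return sigs

def expiry_histogram(sigs):
    """Signatures expiring per calendar day: batches show up as separate days."""
    return Counter(exp.date().isoformat() for _, _, exp in sigs)

def expiry_spread_days(sigs):
    """Days between the earliest and latest expiration in the zone."""
    times = [exp for _, _, exp in sigs]
    return (max(times) - min(times)).total_seconds() / 86400

def due_for_resign(sigs, now, resign_days):
    """RRsets whose signature expires within `resign_days` of `now`."""
    return [(o, t) for o, t, exp in sigs
            if (exp - now).total_seconds() <= resign_days * 86400]

if __name__ == "__main__":
    sigs = parse_rrsigs(SAMPLE)
    now = datetime(2020, 1, 28, 15, 49, 5, tzinfo=timezone.utc)
    for day, n in sorted(expiry_histogram(sigs).items()):
        print(day, n)
    print("spread: %.1f days" % expiry_spread_days(sigs))
    print("due (assumed 7.5-day window):", due_for_resign(sigs, now, 7.5))
```

Running it against the RRSIG lines of a real zone transfer shows whether the expirations are staggered across the validity interval or clustered on one day.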