[Opendnssec-develop] Policy configuration checker
Rickard Bondesson
rickard.bondesson at iis.se
Tue Aug 18 11:41:19 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
> In practise, I would not require a re-sign to be a
> re-publish. Note that re-publish might be far more costly
> than a re-sign, if you have to pay secondary services for transit.
>
> Roy
>
Do I say that? ...
Re-sign will not require re-publish. Re-publishing of the signed zone will only happen when the unsigned zone has been assigned a new SOA serial.
E.g. the unsigned zone will be updated every second hour with new content and SOA serial. The signer continuously run, but will only be able to re-publish the zone every second hour, because we are in the "SOA serial keep"-mode.
// Rickard
-----BEGIN PGP SIGNATURE-----
Version: 9.8.3 (Build 4028)
Charset: utf-8
wsBVAwUBSoqTX+CjgaNTdVjaAQgokgf/UtqtueXITSyXYB43kJPBML//pt2TJsZg
64QkY9NH6guamhEbZyX44OuyrpZUJ8jzKuUc5ZJss9bflXkMqX+XGOhQ06xYxMqd
MO1TKvJ1zt0Rlt2utZvbeR7LdWOMrg6vUWBvzRPVjzr5xRu227hP2WgtAQ3JgetR
ENaEe+EIALB1WpLCC64+aRKID4RPjH97yAyrVSg2bVDPLh1PNzSTv1ztJGGPcFER
DciOsV4w9vWGdrKTkHFe2hJ7iaoSa0bo1spNiI3txZpAzmZvdCQKb0F1Jpj+9YNJ
B3Yf0MrtkGiheqmeM9xuY08XChnLjZSfK4ptG3pmqClvJhjY++gjPg==
=yDtV
-----END PGP SIGNATURE-----
More information about the Opendnssec-develop
mailing list