[Opendnssec-develop] Policy configuration checker
Roy Arends
roy at nominet.org.uk
Tue Aug 18 11:54:03 UTC 2009
"Rickard Bondesson" <rickard.bondesson at iis.se> wrote on 08/18/2009
01:41:19 PM:
> > In practice, I would not require a re-sign to be a
> > re-publish. Note that re-publish might be far more costly
> > than a re-sign, if you have to pay secondary services for transit.
> >
> > Roy
> >
>
> Do I say that? ...
I was not arguing for or against any statement made, but wanted to speak
my mind about intent. But to answer your question: No. I think we are in
violent agreement. You said "a zone should not be published if we have not
received a new serial". Note that a zone is either published or not. The
SOA serial number is interesting for _secondary_ servers, not primary
servers. I just wanted to make sure folks understand the premise of the
serial number in an SOA.
> Re-sign will not require re-publish.
Yes.
> Re-publishing of the signed
> zone will only happen when the unsigned zone has been assigned a new
> SOA serial.
>
> E.g. the unsigned zone will be updated every second hour with new
> content and SOA serial. The signer continuously runs, but will only
> be able to re-publish the zone every second hour, because we are in
> the "SOA serial keep"-mode.
Exactly.
Roy
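
The "SOA serial keep" behaviour agreed on in this thread, as an added sketch that is not part of the original message and is not OpenDNSSEC code: every signer pass re-signs, but the signed zone is only published when the unsigned zone arrives with a newer serial. The names KeepModeSigner, serial_gt, secondary_would_transfer and simulate are hypothetical, the serial values are constructed, and the RFC 1982 serial comparison is an assumption about how "new serial" is judged.

```python
# Simplified model of "SOA serial keep" mode (illustrative, not OpenDNSSEC code).
MOD = 1 << 32    # SOA serials are 32-bit
HALF = 1 << 31


def serial_gt(a: int, b: int) -> bool:
    """RFC 1982 serial arithmetic: True if serial a is newer than serial b."""
    return a != b and ((a - b) % MOD) < HALF


def secondary_would_transfer(secondary_serial: int, primary_serial: int) -> bool:
    """A secondary only fetches the zone when the primary's serial is newer."""
    return serial_gt(primary_serial, secondary_serial)


class KeepModeSigner:
    """Re-signs on every pass; publishes only when the input serial advanced."""

    def __init__(self) -> None:
        self.published_serial = None
        self.resign_count = 0
        self.publish_count = 0

    def run(self, unsigned_serial: int) -> str:
        self.resign_count += 1  # signatures are refreshed on every pass
        if self.published_serial is None or serial_gt(
            unsigned_serial, self.published_serial
        ):
            # Keep mode: the signed zone carries the unsigned zone's serial.
            self.published_serial = unsigned_serial
            self.publish_count += 1
            return "published"
        return "held"  # re-signed, but no new serial, so nothing is published


def simulate(serials):
    """Run one signer pass per observed unsigned-zone serial."""
    signer = KeepModeSigner()
    return [signer.run(s) for s in serials], signer


if __name__ == "__main__":
    # Constructed input: three passes on the same serial, then an update.
    outcomes, signer = simulate([2009081800, 2009081800, 2009081800, 2009081801])
    print(outcomes, signer.resign_count, signer.publish_count)
```
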