[Opendnssec-develop] Zone re-sign interval and SOA serial

Rickard Bondesson rickard.bondesson at iis.se
Mon May 18 13:56:22 UTC 2009



If the re-sign interval is set to 4 hours and the signer receives a new zone file every second hour (with updated SOA serial), will the internal counter for the re-sign interval be reset when the updated zone is signed? And thus will new signatures never be generated out-of-sync with the zone transfers? And no SOA serial needs to be updated within the signer?

If we add an option to the configuration XML that will prevent the system from updating the SOA serial, no new signatures can be pushed out from the system until a zone file with a new SOA serial is received?

E.g. element Serial { "counter" | "unixtime" | "datecounter" | "none" }

// Rickard


