[Opendnssec-user] Automatic resign

Antti Ristimäki aristima at csc.fi
Thu Feb 11 08:45:38 UTC 2010


On Thu, 2010-02-11 at 10:26 +0200, Patrik Wallström wrote:
> On Feb 11, 2010, at 6:50 AM, Antti Ristimäki wrote:
> 
> > Hi,
> > 
> > Is it possible to disable the automatic resign altogether and rely on
> > triggering the signing process via some external script only that is
> > executed periodically?
> > 
> > Sure we can set the <Resign> interval high enough but I was just
> > wondering whether the automatic resign could be disabled by setting the
> > <Resign> value to zero or something?
> 
> 
> If you set the <Serial> option to "keep" in the <SOA> block in kasp.xml, you might get what you want. What happens then is that you only resign when the SOA serial has increased, and you can trigger that with "ods-signer sign zonename". Will that work for you?

Yes, actually we are currently doing it this way and it seems to work. I
was just curious to know whether it could be possible to disable the
automatic resign altogether so that the signer wouldn't even try to sign
the zone automatically.

Antti





More information about the Opendnssec-user mailing list