[Opendnssec-user] zone updates ignored?
Gilles Massen
gilles.massen at restena.lu
Tue Nov 23 14:18:51 UTC 2010
Rickard,
>>> Do you give the command: ods-signer sign <ZONE> after each
>>> update?
>>
>> No. I let the enforcer handle that stuff (for the time being).
>
> The enforcer only gives the command: ods-signer update <ZONE> for
> config changes.
>
> If you want data to be updated, then you have to give the sign
> command. Otherwise you will get the behavior you are seeing now.
Ok, I understand. And I'm quite confused that I didn't notice that earlier.
However I would suggest that this should be highlighted somewhat in the
documentation: the current text suggest (to me at least) that the use of
ods-signer sign is completely optional. For minimizing confusion I would
also advise against ever using some parts of the unsigned file (i.e. the
serial) while ignoring the rest (the content).
Thanks for helping me out!
Best,
Gilles
--
Fondation RESTENA - DNS-LU
6, rue Coudenhove-Kalergi
L-1359 Luxembourg
tel: (+352) 424409
fax: (+352) 422473
More information about the Opendnssec-user
mailing list