[Opendnssec-user]New zone can not be digged after resigning

Matthijs Mekking matthijs at nlnetlabs.nl
Mon Aug 6 12:43:45 UTC 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Stuart,

If you have added new RRs to the unsigned zonefile, you should run

$ ods-signer sign <zone>

to tell OpenDNSSEC there is a new version of the unsigned zone.

Best regards,
Matthijs

On 08/06/2012 02:35 PM, 刘硕 wrote:
> Hi all,
> 
> I'm signing a zone using Adapter DNS, when I added some new RR to
> the unsigned zone file in /unsigned directory, I assumed that after
> the next resigning period, I could dig the data out, but after 3
> resigning period, I still could not get them from BIND, but the
> syslog recorded every resigning detail, it worked well, I found
> that the new RR did not exist in the signed zone file. So, will
> OpenDNSSEC reload all the /unsigned zone files into memory to
> resign or some other method? But I cant understand why it can not
> detect the newly add RRs and sign them.
> 
> 
> Best regards, Stuart


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJQH7wBAAoJEA8yVCPsQCW5Y8sH+wdkYwVXvE8s/W+H5QN6tW5q
W/QKUj4A5vaE6KM7piiIWvCaEz5zIoPCOOBVY8DYZm1t3reoA+LST26v3FZBoz7a
yuyC1+k4NQWC0tEQs+o1MNlnZfO4Zc1MCT/HKbnNmgNqJClQBHPfTpAB2DcQPbu6
NwaBTTmumK1VWl+YjAr4RYqmT/PvWQac8J7vlhh7VkizQU+a/8d9aSL82/TO9nmG
cxnkTgm+2j4AVq3jN63j1BXfKS83RFqGLUY6DcNJIKBs7EwChjX0NHxPCjnxIe3v
xwr8nGGYfKhJaItjnuqVOJDQM1skaxIbqt8DFegt+OhRRAsZhbaCMG0P0wubgrQ=
=ecSw
-----END PGP SIGNATURE-----



More information about the Opendnssec-user mailing list