回复: Re: [Opendnssec-user]New zone can not be digged after resigning
Matthijs Mekking
matthijs at nlnetlabs.nl
Mon Aug 6 13:10:36 UTC 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 08/06/2012 03:06 PM, 刘硕 wrote:
>> If you have added new RRs to the unsigned zonefile, you should
>> run
>
>> $ ods-signer sign <zone>
>
>> to tell OpenDNSSEC there is a new version of the unsigned zone.
>
> If the zones are newly created at a fixed period, I have to run
> "$ods-signer sign --all",right? If I run the command manually, will
> the automatic resigning still work? I think so. If so I think there
> could be a time the two processes work synchronizely or one after
> another when there is no need to do so.
You can either run ods-signer <zone> for each zone, or ods-signer sign
- --all to schedule them all. The automatic resigning will still work.
The ods-signer sign command is there just to tell OpenDNSSEC there is
new zone content. A zone will never be worked on more than once at a
time: if a sign task is currently being done, an ods-signer sign
command will be scheduled after the current sign task is finished.
Best regards,
Matthijs
>
>
> Best regards, Stuart
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJQH8JMAAoJEA8yVCPsQCW5w3kIAL1Yewjpp3VIMHXcA4GuUtGF
Kc93CFQLL7yTAlBF3vMRaf2m/epIJBjO07pqOTnmN/qhSxjv8ZU0wPpFOZ3ZuVN/
RyjOFnm3C7XoGGSNMqoZrj5dZjzX8of9vPZ+CaHDbeJ+pj+oLGDf7YAo7rC/SlF6
n7HwizearmnLbp6a+/wgeAfgY1Qjl5fkk+xyagI5wHYMQT60QdGGlh1+kdFbEa8G
SVUCvBJSMmxu8bXksC3bSnCXbxdJUQLkZ3CpjKhE1lEqncE8dw8HT74jIyzsV6un
I/0azFQ3YTqhw/4a+cLS8kGrfIa0+Elu4BcioN/AaM0RoTl5px4r+VKzG5xffbE=
=IpnK
-----END PGP SIGNATURE-----
More information about the Opendnssec-user
mailing list