[Opendnssec-user] Our unsigned zones change every 5 minutes - will they automatically be signed?

Ondřej Caletka Ondrej.Caletka at cesnet.cz
Thu Aug 29 13:38:42 UTC 2013


Dne 29.8.2013 15:29, Harald A. Irmer napsal(a):
> 3. Zones in /var/opendnssec/signed will be deleted.

You should not delete already signed zone files. The OpenDNSSEC is smart
enough to do only a minimal change to signed zone files. If you delete
whole file, all signatures would had to be recretated, rendering
unnecessary big change of zone file.

Instead, hook the "rsync to all nameservers" action as the
<NotifyCommand> in OpenDNSSEC. DNSSEC signed zones have to be updated
from time to time even if there is no change in the unsigned file
(signature expiration, key rollover, etc.).

Ondřej Caletka,
CESNET, z. s. p. o.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5563 bytes
Desc: Elektronicky podpis S/MIME
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20130829/6cd3edc6/attachment.bin>

More information about the Opendnssec-user mailing list