[Opendnssec-user] Our unsigned zones change every 5 minutes - will they automatically be signed?
Matthijs Mekking
matthijs at nlnetlabs.nl
Thu Aug 29 13:59:47 UTC 2013
On 08/29/2013 03:38 PM, Ondřej Caletka wrote:
> Hi,
>
> On 29.8.2013 15:29, Harald A. Irmer wrote:
>> 3. Zones in /var/opendnssec/signed will be deleted.
>
> You should not delete already signed zone files. OpenDNSSEC is smart
> enough to make only a minimal change to signed zone files. If you delete
> the whole file, all signatures would have to be recreated, rendering
> an unnecessarily big change to the zone file.

Removing zones from /var/opendnssec/signed does not influence this. All
that logic is stored in the /var/opendnssec/tmp directory.

Best regards,
Matthijs

>
> Instead, hook the "rsync to all nameservers" action as the
> <NotifyCommand> in OpenDNSSEC. DNSSEC signed zones have to be updated
> from time to time even if there is no change in the unsigned file
> (signature expiration, key rollover, etc.).
>
>
> Regards,
> Ondřej Caletka,
> CESNET, z. s. p. o.
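
The <NotifyCommand> hook suggested in the quoted reply, sketched as an added example (not code from this thread or from OpenDNSSEC). It relies on the %zone and %zonefile substitutions of <NotifyCommand>; the script path, server names, destination directory and the RSYNC override are assumptions.

```shell
#!/bin/sh
# Hypothetical hook, installed for example as /usr/local/sbin/push-signed-zone
# (assumed path) and wired into conf.xml as:
#   <NotifyCommand>/usr/local/sbin/push-signed-zone %zone %zonefile</NotifyCommand>
# NAMESERVERS, DEST_DIR and RSYNC are assumptions made for this sketch.
NAMESERVERS="${NAMESERVERS:-ns1.example.net ns2.example.net}"
DEST_DIR="${DEST_DIR:-/var/named/signed}"
RSYNC="${RSYNC:-rsync}"

# Accept only plain DNS names, so the zone argument can never be read
# as an option or as a path on the receiving side.
valid_zone() {
    case "$1" in
        ""|-*|.*|*..*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Copy one signed zone file to every name server.
# Returns 64 for a bad zone name, 66 for a missing or empty file,
# otherwise the number of servers that could not be updated.
push_zone() {
    zone="$1"; zonefile="$2"; failed=0
    valid_zone "$zone" || { echo "rejecting zone name: $zone" >&2; return 64; }
    # Never distribute a missing or empty file.
    [ -s "$zonefile" ] || { echo "no signed file for $zone" >&2; return 66; }
    for ns in $NAMESERVERS; do
        # rsync writes a temporary file and renames it into place, so the
        # receiving server never sees a half-written zone.
        if ! $RSYNC -t -- "$zonefile" "$ns:$DEST_DIR/$zone"; then
            echo "push of $zone to $ns failed" >&2
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}

# Act only when invoked with the two arguments the hook passes.
if [ "$#" -eq 2 ]; then push_zone "$1" "$2"; fi
```

Because the signer runs the hook after every signing pass, re-signs caused by signature expiry or key rollover are pushed as well, not only changes to the unsigned zone.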