[Opendnssec-user] Our unsigned zones change every 5 minutes - will they automatically be signed?

Matthijs Mekking matthijs at nlnetlabs.nl
Thu Aug 29 13:59:47 UTC 2013

On 08/29/2013 03:38 PM, Ondřej Caletka wrote:
> Hi,
> Dne 29.8.2013 15:29, Harald A. Irmer napsal(a):
>> 3. Zones in /var/opendnssec/signed will be deleted.
> You should not delete already signed zone files. The OpenDNSSEC is smart
> enough to do only a minimal change to signed zone files. If you delete
> whole file, all signatures would had to be recretated, rendering
> unnecessary big change of zone file.

Removing zones from /var/opendnssec/signed does not influence this. All
that logic is stored in the /var/opendnssec/tmp directory.

Best regards,

> Instead, hook the "rsync to all nameservers" action as the
> <NotifyCommand> in OpenDNSSEC. DNSSEC signed zones have to be updated
> from time to time even if there is no change in the unsigned file
> (signature expiration, key rollover, etc.).
> Regards,
> Ondřej Caletka,
> CESNET, z. s. p. o.
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user

More information about the Opendnssec-user mailing list