DNSKEY and RRSIG DNSKEY TTL values aren't changed after changing of zone's TTL
Mark Andrews
marka at isc.org
Tue Aug 16 01:59:25 UTC 2016
In message <CAMUgSQDxY_BnEgnAe4eQpoV_cHb7ScZ=qxT_-4CVW3nLokctag at mail.gmail.com>,
Александр Остапенко writes:
> Hello.
>
> I'm using BIND 9.9.5.
> My steps:
>
> 1. Sign zone using 1 ZSK and 2 KSKs: a) adding "*auto-dnssec
> maintain;*" and "*inline-signing yes;*" directives into zone section of
> named.conf; b) setting publication and activation timestamps to current
> time in key files; c) *rndc reload*.
> 2. Change TTL value in the zone file ($TTL 86400 ==> $TTL 432000).
> 3. Increase serial number in SOA record by 1.
> 4. *rndc reload*.
>
> After that - DNSKEY and RRSIG DNSKEY records still have 86400 value in TTL
> (checked via *dig*).
> What could be the reason for such behavior?
>
>
> Kind regards,
> Aleks Ostapenko
Use "dnssec-settime -L ttl"
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
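
A check for the symptom reported above, as an added example that is not part of the original thread: it reads `dig +noall +answer +dnssec` output and flags DNSKEY and RRSIG(DNSKEY) records whose TTL, or whose RRSIG original-TTL field, differs from the intended zone TTL. The zone name, key material and signature in the sample are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Constructed sample in `dig +noall +answer +dnssec` presentation format;
# example.com, key data and signature are placeholders.
sample_answer() {
cat <<'EOF'
example.com. 86400 IN DNSKEY 256 3 8 AwEAAc...constructed
example.com. 86400 IN DNSKEY 257 3 8 AwEAAd...constructed
example.com. 86400 IN DNSKEY 257 3 8 AwEAAe...constructed
example.com. 86400 IN RRSIG DNSKEY 8 2 86400 20160915000000 20160816000000 11111 example.com. c2ln...constructed
example.com. 432000 IN SOA ns1.example.com. admin.example.com. 2016081602 3600 600 604800 3600
EOF
}

# check_dnskey_ttl EXPECTED_TTL   (dig answer lines on stdin)
# Prints one line per DNSKEY or RRSIG(DNSKEY) record whose TTL, or whose
# RRSIG "original TTL" field ($8), differs from EXPECTED_TTL.
# Returns 1 if anything differs. Feed it answers from the authoritative
# server: a caching resolver counts the record TTL ($2) down.
check_dnskey_ttl() {
    awk -v want="$1" '
        $3 == "IN" && $4 == "DNSKEY" && $2 != want {
            printf "%s DNSKEY flags=%s ttl=%s expected=%s\n", $1, $5, $2, want
            bad++
        }
        $3 == "IN" && $4 == "RRSIG" && $5 == "DNSKEY" && ($2 != want || $8 != want) {
            printf "%s RRSIG(DNSKEY) keytag=%s ttl=%s origttl=%s expected=%s\n", $1, $11, $2, $8, want
            bad++
        }
        END { exit (bad > 0) }
    '
}

# Demo on the constructed sample; <keyfile> is a placeholder for each key file.
sample_answer | check_dnskey_ttl 432000 ||
    echo "DNSKEY TTL differs from zone TTL: dnssec-settime -L 432000 <keyfile>"
```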