DNSKEY and RRSIG DNSKEY TTL values aren't changed after changing of zone's TTL
Tony Finch
dot at dotat.at
Wed Aug 31 12:50:29 UTC 2016
Aleks Ostapenko <aleks.ostapenko.post at gmail.com> wrote:
>
> Unfortunately, after
>
> 1. rndc freeze myzone
> 2. named-compilezone -f raw -F text -o myzone.text myzone myzone.signed
> change TTL on DNSKEY and RRSIG DNSKEY in myzone.text
> named-compilezone -f text -F raw -o myzone.signed myzone myzone.text
> 3. rndc thaw myzone
>
> TTLs in DNSKEY and RRSIG DNSKEY records still have old values in signed zone
> (checked via `dig` locally).
Hmm :-(
Does it work better if you increment the SOA serial number as well?
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/ - I xn--zr8h punycode
Tyne, Dogger, Fisher, German Bight, Humber: Southwest, veering west, 4 or 5.
Slight or moderate. Showers for a time. Good.