Any chance to do partial sign when RRSIG expires
Tony Finch
dot at dotat.at
Thu Mar 1 11:31:59 UTC 2018
rams <bramesh80 at gmail.com> wrote:
> Currently in bind we are doing auto full sign when RRSIG expires . Is there
> any chance to generate only RRSIGS instead of full sign.
If you pass the existing signed zone to dnssec-signzone it will
incrementally re-sign it as required - see the last example in the man
page.
Or use named's built-in incremental signing.
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/ - I xn--zr8h punycode
Viking, North Utsire: Easterly or northeasterly 4 or 5, occasionally 6 in
south Viking. Slight or moderate, occasionally rough in south Viking. Fair.
Good.
More information about the bind-users
mailing list