BIND - in loop rewrite zone serial no.
Milan Jeskynka Kazatel
KazatelM at seznam.cz
Thu Jan 30 09:03:21 UTC 2020
Hello Tony, and community,
could someone, please, help me with diagnostics, how can I check how many
records are signed per cycle? Can CPU and RAM increasing help to prevent
this behavior? Could it help to sign the zone in one step and reduce signing
to only one Zone serial increasing?
At the moment the signing and zone serial increasing causes too many IXFR/
AXFR transactions with slaves.
Best regards,
--
Smil Milan Jeskyňka Kazatel
---------- Původní e-mail ----------
Od: Tony Finch <dot at dotat.at>
Komu: Milan Jeskynka Kazatel <KazatelM at seznam.cz>
Datum: 28. 1. 2020 17:41:30
Předmět: Re: BIND - in loop rewrite zone serial no.
"Milan Jeskynka Kazatel <KazatelM at seznam.cz> wrote:
>
> Then how to achieve to resign the whole zone in one step? Which config
> option should be affected?
I don't believe that is possible with automatic signing. You can do it
yourself with `dnssec-signzone` but that's fiddly and error-prone.
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Portland, Plymouth: West 7 to severe gale 9, decreasing 4 or 5 later. Rough
or
very rough, occasionally high at first. Squally showers. Good, occasionally
moderate.
"
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20200130/1787d017/attachment.htm>
More information about the bind-users
mailing list