dnssec-policy - any way to force bind to resign all records ?
vom513
vom513 at gmail.com
Fri Dec 16 02:29:28 UTC 2022
Sorry to self-reply…
I’m still getting used to dnssec-policy. With the RRSIGs directly in the zone file now I was having some trouble. I think I got it now - I needed to change the TTL on a given RR, and delete the RRSIG for that RR. Lather, rinse, repeat for any/all other RR’s. BIND will make new RRSIGs for these “new” RRs (new by virtue of having a diff TTL and no RRSIG…) I think it makes sense now - but I welcome any other clarification or comments.
Sorry for the noise. Thanks.
More information about the bind-users
mailing list