Auto-dnssec maintain and 'continous' resigning
Alan Clegg
alan at clegg.com
Thu Apr 4 20:43:21 UTC 2013
On Apr 4, 2013, at 12:07 PM, Phil Mayers <p.mayers at imperial.ac.uk> wrote:
> On 04/04/13 16:55, Carlos M. Martinez wrote:
>> Thank you very much for all the bits, certainly very helpful.
>>
>> My problem is that this cycle of zone signing triggers zone number
>> increases and generates dozens of NOTIFY messages and the corresponding
>> zone transfers to all slaves within a short period of time, something
>> which I believe is not very friendly to my gracious slave service
>> providers.
>
> You might ask your secondary if they care. We secondary for some people, and my view is that I don't care if they send me one NOTIFY a minute and I'm constantly doing tiny IXFR - I just don't care, or see why it's a problem.
>
> But I know some people don't like it. We don't send NOTIFY to one of our secondaries for this reason, and that copy of the zone lags by 0->refresh. It's not a huge problem for me, so if you can tolerate it, "notify explicit" might help.
Another option you may be interested in is "notify-delay" - if you don't really need the notifies sent immediately.
AlanC
--
Alan Clegg | +1-919-355-8851 | alan at clegg.com
More information about the bind-users
mailing list