DNSSEC ZSK rollover
Evan Hunt
each at isc.org
Fri Aug 28 21:24:19 UTC 2015
On Fri, Aug 28, 2015 at 07:24:23PM +0200, Robert Senger wrote:
> Is that the intended behaviour, or do I miss a point to get the zones
> resigned in one single action (and transfered with one single IXFR)
> rather than getting each RR resigned separately?
It is intentional; it spreads out the work of resigning over a longer
period of time to reduce the load on the server. (And a lot of people
prefer smaller IXFRs anyway.)
You can adjust the resigning interval, or force a full resign with
"rndc sign".
--
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.
More information about the bind-users
mailing list