DNSKEY and RRSIG DNSKEY TTL values aren't changed after changing of zone's TTL

Tony Finch dot at dotat.at
Tue Aug 23 09:45:15 UTC 2016


Aleks Ostapenko <aleks.ostapenko.post at gmail.com> wrote:

> As for the second variant - unfortunately I don't know how to manually edit
> the TTL in the signed (not raw) master file.

(1) Use `rndc freeze` which makes `named` rewrite the zone file with all
pending changes from the journal, and makes it stop making further changes
to the zone.

(2) The signed zone file will normally be in standard text format, so you
can just run the editor of your choice on the file. Change the TTLs of all
the DNSKEY records and the RRSIG DNSKEY to what you want.

(3) Run `rndc thaw` to make `named` reload the zone and permit it to make
changes.

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/  -  I xn--zr8h punycode
Southeast Fitzroy: Northerly or northwesterly, 4 or 5, increasing 6 at times.
Slight or moderate. Occasional rain. Good, occasionally poor.
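
Step (2) of the reply above, as an added example that is not part of the original message and is not BIND code: a small filter that rewrites the TTL only on DNSKEY records and on the RRSIG that covers DNSKEY, meant to be run on the zone file between `rndc freeze` and `rndc thaw`. It assumes every record sits on one line as `owner TTL IN type rdata`; the function name and the sample zone are constructed for illustration.

```python
import re

# Constructed sample: a few lines of a signed zone, one record per line.
SAMPLE_ZONE = """\
example.com. 3600 IN SOA ns1.example.com. host.example.com. 2016082301 7200 900 1209600 3600
example.com. 3600 IN RRSIG SOA 8 2 3600 20160922000000 20160823000000 11111 example.com. c2lnMQ==
example.com. 3600 IN DNSKEY 256 3 8 AwEAAcZTSw==
example.com. 3600 IN DNSKEY 257 3 8 AwEAAcKSSw==
example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20160922000000 20160823000000 22222 example.com. c2lnMg==
www.example.com. 3600 IN A 192.0.2.10
"""

# Groups: owner, gap, TTL, class (IN), type, gap, rdata.
# Assumption: explicit owner, TTL and class on every line, no multi-line records.
RECORD = re.compile(r"^(\S+)(\s+)(\d+)(\s+IN\s+)(\S+)(\s+)(.*)$")


def set_dnskey_ttl(zone_text, new_ttl):
    """Return (new_zone_text, records_changed, rrsig_original_ttls).

    Only DNSKEY records and RRSIGs whose "type covered" field is DNSKEY
    get the new TTL; every other line is passed through untouched.
    """
    out, changed, orig_ttls = [], 0, []
    for line in zone_text.splitlines():
        m = RECORD.match(line)
        if m:
            owner, gap1, _ttl, cls, rtype, gap2, rdata = m.groups()
            fields = rdata.split()
            is_key = rtype == "DNSKEY"
            # RRSIG rdata starts: type-covered, algorithm, labels, original-TTL
            is_key_sig = rtype == "RRSIG" and fields[:1] == ["DNSKEY"]
            if is_key_sig and len(fields) > 3:
                # The Original TTL field (RFC 4034, section 3.1.4) is part of
                # the signed data; editing the record TTL does not change it.
                orig_ttls.append(int(fields[3]))
            if is_key or is_key_sig:
                line = f"{owner}{gap1}{new_ttl}{cls}{rtype}{gap2}{rdata}"
                changed += 1
        out.append(line)
    return "\n".join(out) + "\n", changed, orig_ttls


if __name__ == "__main__":
    new_zone, count, originals = set_dnskey_ttl(SAMPLE_ZONE, 300)
    print(new_zone, end="")
    print(f"; changed {count} records, RRSIG DNSKEY original TTLs: {originals}")
```

The returned original-TTL list lets you compare the value stored inside the signature with the TTL you are about to write.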

