On 5/27/2010 1:43 AM, rams wrote: > How do we resign the signed zone? What is the command to do the RESIGNING ?
Run dnssec-signzone on the signed zone file. I recommend that you: mv example.com.signed example.com vi example.com dnssec-signzone example.com rndc reload example.com Note that either the edit of example.com or the running of dnssec-signzone you need to increment the serial number. You also need to make sure that you supply the same (or similar) arguments to dnssec-signzone when you re-sign the data as you did to begin with... Re-keying (roll-over, algorithm change, etc) is a different (unasked) question that is significantly more complex. AlanC
signature.asc
Description: OpenPGP digital signature
_______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
