On 2011-11-08 10:34, rams wrote:
Hi , I have signed zone and already i have resigned two times. Now again i am resigning zone but after resign zone , RRSIG values are not changed. the same old values displaying. Any wrong in me. Could you please guide me how to change RRSIG values.
There could be several issues with this, please give some more info. How are you signing your zone? dnssec-signzone? automatically using bind? Some other software?
If you're using dnssec-signzone and pass it old signed zone data it regenerates signatures only if signature end time falls within a period defaulting to 1/4 signature valitity time (so with default signature period it's 7.5 days). If you re-sign your zone say 10 days in advance, it won't change old signatures. You can change it with -i. Other software probably behaves similarly.
Also, if you're signing your zone off-line and upload it to bind, did you remember to change SOA and reload master?
Regards, Torinthiel _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
