In message <[email protected]>, Phil Mayers writes: > On 04/01/2013 07:36 PM, Carlos M. Martinez wrote: > > Reframing the question in more general terms... Which events trigger a > > zone re-sign and reload when using "auto-dnssec maintain" ? > > As someone else has already said, zone updates, signature expiration and > key events. > > In particular, it's normal for the SOA serial to constantly increase in > a zone with "auto-dnssec maintain", even if nothing else happens, > because the signatures will be regenerated every N days. N depends on > your config, but is 0.75 * default_sig_life (30 days) by default i.e. > signatures are generated every 22.5 days.
Named attempts to spread out re-signing load for a zone over time even is the zone content is essentially static. It takes time to regenerate signatures so you don't want non-threaded builds to stall too long res-signing. > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > [email protected] > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: [email protected] _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users
