In message <CAMUgSQDxY_BnEgnAe4eQpoV_cHb7ScZ=qxt_-4cvw3nlokc...@mail.gmail.com> , =?UTF-8?B?0JDQu9C10LrRgdCw0L3QtNGAINCe0YHRgtCw0L/QtdC90LrQvg==?= writes: > Hello. > > I'm using BIND 9.9.5. > My steps: > > 1. Sign zone using one 1 ZSK and 2 KSK: a) adding "*auto-dnssec > maintain;*" and "*inline-signing yes;*" directive into zone section of > named.conf; b) setting publication and activation timestamps to current > time in key files; c) *rndc reload*. > 2. Change TTL value in the zone file ($TTL 86400 ==> $TTL 432000). > 3. Increase serial number in SOA record by 1. > 4. *rndc reload*. > > After that - DNSKEY and RRSIG DNSKEY records still have 86400 value in TTL > (checked via *dig*). > What could be the reason for such behavior? > > > Kind regards, > Aleks Ostapenko
Use "dnssec-settime -L ttl" Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
