Tony Finch <d...@dotat.at> schrieb am 23.08.16 um 10:45:15 Uhr: > Aleks Ostapenko <aleks.ostapenko.p...@gmail.com> wrote: > > > As for second variant - unfortunately I don't know how to edit manually TTL > > in the signed (not raw) master file. > > (1) Use `rndc freeze` which makes `named` rewrite the zone file with all > pending changes from the journal, and makes it stop making further changes > to the zone. > > (2) The signed zone file will normally be in standard text format, so you > can just run the editor of your choice on the file. Change the TTLs of all > the DNSKEY records and the RRSIG DNSKEY to what you want. > > (3) Run `rndc thaw` to make `named` reload the zone and permit it to make > changes.
This is the most important information for resigning a zone so that a change is noticed in a signed zone and it is missing in https://deepthought.isc.org/article/AA-00711/0/In-line-Signing-With-NSEC3-in-BIND-9.9-A-Walk-through.html It took me hours to find out: rndc freeze domain.de edit domain.de rndc reload domain.de rndc thaw domain.de Greetings Andreas
pgpdt3bS5coyh.pgp
Description: Digitale Signatur von OpenPGP
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
