The best way is to configure you zone for dynamic updates and let named automatically resign the zone as needed.
> On 14 Dec 2018, at 11:13 am, Edwardo Garcia <wdgar...@gmail.com> wrote: > > Hi, > What is the best practice for signing/re-singing zones with journal? > > We manually resign our domain, and use journaling, resigning is a PIA. > if we forget to thaw, the zone bails and stays unloaded because journal roll > forward error, which bring the question why? since resolution to this is stop > named, remove journal file and restart, could named and rndc not be smarter > in these instance? or at very least, reload zone from file so at least it > does not take unsuspecting peoples off air. > > So, way we (try to remember to) do is: > (modify zonefile if need) > rndc freeze > dnssec-signzone -options > rndc thaw > > or is better way? it is the freeze/thaw we keep forgetting :-! > > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
