@lbutlr <krem...@kreme.com> wrote:
>
> No. I was under the impression that when bind reloaded (rndc reload
> and/or service named stop/start and/or service named reload) and saw a
> new serial number, it would generate a new .signed file for that zone as
> part of the process of refreshing its information and notifying the
> slaves.

It's all incremental these days, because regenerating the signed zone from scratch can be very expensive.

In general, if you are using modern features like update-policy and auto-dnssec, then `named` considers that it has complete responsibility for the zone files (because it needs to be able to update them whenever necessary), which is why you have to explicitly freeze and thaw them. As far as I know, inline-signing doesn't allow you to escape this requirement, but I don't use it so I may be wrong.

> So, right now, given that I did not freeze/thaw nor did I make the edits
> via nsupdate, how do I get the .signed files to be regenerated from the
> existing example.com zone file?

Stop the server, delete the .signed and .signed.jnl files, and restart the server.

Tony.
--
f.anthony.n.finch <d...@dotat.at> http://dotat.at/
sovereignty rests with the people and authority in a democracy derives from the people