On Tue 12/Nov/2019 18:18:52 +0100 Tony Finch wrote: > Alessandro Vesely <ves...@tana.it> wrote: >> >> It doesn't seem to happen every day, but can happen again on the next day. >> Can >> the period be controlled? > > It depends on the size of the zone (bigger zone -> more frequent upates), > how widely scattered the RRSIG expiry times are (which depends on how the > zone is updated and how it was originally signed), how long ago it was > signed (the expiry times have a bit of jitter so they should gradually > spread out over) and on the sig-validity-interval setting.
That makes sense. I left sig-validity-interval at its default (30 days) and from October 19 to November 11 (the dates of the files) there are 23 days, while 30 * (1 - 1/4) = 22.5. Looking closer, I realized that the next day signature was not rewritten in the same view. Perhaps the jitter can be cured by setting a multiple of 4 as the validity interval... Thank you for the detailed explanation Ale -- _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
