> Just don’t do that, there’s no sensible reason to change salt that often (or > ever). I don’t know where the advice to change salt often comes from, but > the advice has been wrong for so many years.
I agree that re-salting is kind of pointless (we still do it for .ch though because so far I've been to lazy to change the code) but here is one reference where it is recommended. The salt SHOULD be changed periodically to prevent pre-computation using a single salt. It is RECOMMENDED that the salt be changed for every re-signing. https://tools.ietf.org/html/rfc5155#appendix-C.1 >> What could be the reason for the performance decline? > > We are currently investigating performance degradation related to big IXFRs. > Do you use ixfr-from-differences in your BIND configuration? You could try > enforcing AFRX on salt change. I use "max-journal-size" to force AXFR on big changes. A good value depends on your zone size. Daniel _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
