Milan Jeskynka Kazatel wrote:
>
> Then how to achieve to resign the whole zone in one step? Which config
> option should be affected?
I don't believe that is possible with automatic signing. You can do it
yourself with `dnssec-signzone` but that's fiddly and error-prone.
Tony.
--
f.anthony.n.fi
Le 28/01/2020 à 16:49, Milan Jeskynka Kazatel a écrit :
> Hello Tony,
>
> thank you for the response,
>
> If I correctly understand, Bind should have an option to specify how
> many records could be signed at the same time. Then in the zone with
> 250 records it should be 3 times in the row - as
Hello Tony,
thank you for the response,
If I correctly understand, Bind should have an option to specify how many
records could be signed at the same time. Then in the zone with 250 records
it should be 3 times in the row - as you mentioned: "53 records at a time"
if it could be the number
Also, now I *can* make changes to zone data, and rndc reload updates also the
signed zone data like before. Could it be that handling/format of the signed
files were changed somehow between versions, and new 9.14.9 could not properly
handle the 9.14.6/7 created signed files..? Just wondering,
Same here
See also
https://serverfault.com/questions/897894/bind-is-not-resigning-dnssec-zone-after-zone-update-and-service-restart
Ale
On Thu 23/Jan/2020 09:57:02 +0100 Jukka Pakkanen wrote:
> Yes, that worked. Also had to delete the .jnl, to prevent the "not exact"
> error..
>
> Jukka
>
>
Milan Jeskynka Kazatel wrote:
>
> Why does Bind keep resign zone in a loop over and over in a few minutes?
It only signs a few records at a time to avoid eating all your CPU (my
server seems to average 53 records at a time, coincidentally). It spreads
out re-signing according to the sig-validity-
scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20200128/384ad
214/attachment-0001.htm>
--
Message: 2
Date: Tue, 28 Jan 2020 09:17:54 +
From: FUSTE Emmanuel
To: "bind-users@lists.isc.org"
Subject: Re: BIND - in loop rewrite zone
ing zone keys
Could you please help me with troubleshooting?
Best regards,?
--
Smil Milan Jesky?ka Kazatel
-- next part --
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20200128/384ad
214/attachment-0001.htm>
Le 28/01/2020 à 10:14, Milan Jeskynka Kazatel a écrit :
>
> Hello,
>
> my previous email with the same subject still waiting for moderator
> approval, because email is too big.
> Then I have to ask with a shorter part of the log.
>
> I´m facing with a suspicious behavior of my authoritative DNS BI
Hello,
my previous email with the same subject still waiting for moderator
approval, because email is too big.
Then I have to ask with a shorter part of the log.
I´m facing with a suspicious behavior of my authoritative DNS BIND 9.11.4-P2
-RedHat-9.11.4-9.P2.el7(http://9.11.4-p2-redhat-9.
10 matches
Mail list logo
