[Dnssec-deployment] SOA serial number changes on resigning thoughts

[Paul Wouters]

On Thu, 3 Feb 2011, Florian Weimer wrote:

>> Only if you want to AXFR the zone every time.  IXFR needs the serial to
>> be sent.
>
> I'm not sure if this is an issue in Bert's case.  If you resign from
> scratch, at least three quarters of the RRsets change anyway, so IXFR
> is not very effective.

That's why you spread out the RRSIG expiry and re-use RRSIGs

Paul