[Dnssec-deployment] SOA serial number changes on resigning thoughts

Tony Finch dot at dotat.at
Fri Feb 4 08:22:09 EST 2011


On Fri, 4 Feb 2011, Patrik Wallström wrote:
>
> And finally, for large zones which are updated at predictable intervals,
> there is the "keep" option. With this option, OpenDNSSEC won't touch
> the zone unless the serial has changed, and only then can we resign the
> zone. This means that the operator of the system must provide new
> updated zone files in order for OpenDNSSEC to output a zone with
> refreshed signatures.

This reminds me of last month's .gi (Gibraltar) outage.
http://dnssec-deployment.org/pipermail/dnssec-deployment/2011-January/004719.html

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
HUMBER THAMES DOVER WIGHT PORTLAND: NORTH BACKING WEST OR NORTHWEST, 5 TO
7, DECREASING 4 OR 5, OCCASIONALLY 6 LATER IN HUMBER AND THAMES. MODERATE
OR ROUGH. RAIN THEN FAIR. GOOD.
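
An added example, not part of the original message and not OpenDNSSEC code: a monitoring check for the situation in the quoted text, where signatures are only refreshed once the operator supplies a zone with a new serial. The zone data, function names and the three-day threshold are constructed, and it assumes the signed zone carries the same serial as the input zone it was produced from.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: signer output for a hypothetical zone (signature data shortened).
SIGNED_ZONE = """\
example. 3600 IN SOA ns1.example. hostmaster.example. 2011020401 7200 3600 1209600 3600
example. 3600 IN RRSIG SOA 8 1 3600 20110210000000 20110127000000 12345 example. c2lnMQ==
example. 3600 IN RRSIG NS 8 1 3600 20110212000000 20110129000000 12345 example. c2lnMg==
www.example. 3600 IN RRSIG A 8 2 3600 20110211000000 20110128000000 12345 example. c2lnMw==
"""

# SOA rdata: mname rname serial ...; RRSIG rdata: covered alg labels ttl expiration inception ...
SOA_RE = re.compile(r"\sIN\s+SOA\s+\S+\s+\S+\s+(\d+)\s")
RRSIG_RE = re.compile(r"\sIN\s+RRSIG\s+(\S+)\s+\d+\s+\d+\s+\d+\s+(\d{14})\s+\d{14}\s")

def soa_serial(zone_text):
    m = SOA_RE.search(zone_text)
    if m is None:
        raise ValueError("no SOA record found")
    return int(m.group(1))

def earliest_expiration(zone_text):
    """Return (expiration, covered type) of the RRSIG that expires first."""
    sigs = [(datetime.strptime(ts, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc), covered)
            for covered, ts in RRSIG_RE.findall(zone_text)]
    if not sigs:
        raise ValueError("no RRSIG records found")
    return min(sigs)

def keep_policy_check(signed_zone, unsigned_serial, now, warn_before=timedelta(days=3)):
    """Classify a zone whose signer only re-signs when the input serial changes."""
    expires, covered = earliest_expiration(signed_zone)
    remaining = expires - now
    # Assumption: an unchanged input serial means the signer will not refresh anything.
    stalled = unsigned_serial == soa_serial(signed_zone)
    if remaining <= timedelta(0):
        state = "EXPIRED"
    elif remaining <= warn_before and stalled:
        state = "NEEDS_NEW_SERIAL"   # operator must deliver a new zone file
    elif remaining <= warn_before:
        state = "RESIGN_PENDING"     # new serial delivered, signer has not run yet
    else:
        state = "OK"
    return {"state": state, "covered": covered, "expires": expires, "remaining": remaining}
```

The `NEEDS_NEW_SERIAL` state is the one worth alerting on: signatures are close to expiry and nothing will refresh them until a zone file with a changed serial arrives.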

