On May 28, 2010, at 5:11 PM, Michelle Konzack wrote:

> I have updated the serial number manually and it just updated <dns2>...
>
> OK, now I have tried the second Zone
>
> <http://dnsviz.net/d/itsystems.tamay-dogan.net/dnssec/>
>
> but it tells me:
>
> RRSIG itsystems.tamay-dogan.net/SOA by 005+19470: Signature is bogus
>
> really weird, because the Zone is like others. How can I check this?
To have dnssec-signzone increment the zone automatically, use the '-N increment' option. If you simply increment the serial of an already signed zone without updating the signature, the signature no longer matches because the SOA record has changed.

This assumes a non-dynamic (i.e., manually updated) zone. If you submit updates to a dynamic zone, as Mark suggested, the serial will be updated and re-signed as part of the update.

Regards,
Casey
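Added example, not part of the original thread and not BIND code: a self-contained sketch of why a hand-edited serial makes the SOA RRSIG bogus, building the signed data as RFC 4034 section 3.1.8.1 lays it out and checking an RSASHA1 (algorithm 5) signature over it. Assumptions: the RSA key is a constructed toy key, and the zone name, SOA names, timers and timestamps are constructed; only the algorithm number and key tag are taken from the post.

```python
import hashlib
import struct

# Constructed toy RSA key built from two Mersenne primes; illustration only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")  # DigestInfo header

def wire_name(name):
    """Canonical (lowercase, uncompressed) wire form of a domain name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\0"

def signed_data(zone, serial, ttl=3600, key_tag=19470):
    """RRSIG RDATA (minus the signature field) followed by the SOA RR."""
    owner = wire_name(zone)
    # SOA RDATA: mname, rname, serial, refresh, retry, expire, minimum (constructed)
    rdata = (wire_name("ns1." + zone) + wire_name("hostmaster." + zone)
             + struct.pack("!5I", serial, 7200, 3600, 1209600, 3600))
    labels = zone.rstrip(".").count(".") + 1
    # type covered = 6 (SOA), algorithm = 5 (RSASHA1), constructed validity window
    rrsig = struct.pack("!HBBIIIH", 6, 5, labels, ttl,
                        1277000000, 1275000000, key_tag) + owner
    rr = owner + struct.pack("!HHIH", 6, 1, ttl, len(rdata)) + rdata
    return rrsig + rr

def encode(data):
    """EMSA-PKCS1-v1_5 encoding with SHA-1, the padding RSASHA1 signatures use."""
    t = SHA1_PREFIX + hashlib.sha1(data).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")

def sign(data):
    return pow(encode(data), D, N)

def verify(data, sig):
    return pow(sig, E, N) == encode(data)

def demo(zone="example.test.", serial=2010052801):
    old, new = signed_data(zone, serial), signed_data(zone, serial + 1)
    sig = sign(old)
    return {"unchanged": verify(old, sig),
            "serial_bumped_by_hand": verify(new, sig),   # stale RRSIG: bogus
            "bumped_and_resigned": verify(new, sign(new))}

if __name__ == "__main__":
    print(demo())
```

The serial is part of the SOA RDATA that the signature covers, so the stale RRSIG fails until the zone is signed again.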