Chris,
thanks for the hint, but:
On 6/2/11 19:20 , Chris Thompson wrote:
On Feb 6 2011, Gilles Massen wrote:
I have a very peculiar behavior: a zone, signed by OpenDNSSEC and
pushed to Bind 9.7.2-P3 by scp was working fine. But now, completely
out of the blue, Bind decides to claim some authority over the zone:
the SOA RRSIG (only that one) is scrapped, and this is logged:
[...]
Presumably you are defining the zone to BIND as "type master".
Yes.
Does your configuration also have an "allow-update" setting
(other than "none") for it, maybe only for the instance that
is giving you trouble? In that case BIND will take it that you
want it to do resigning as the RRSIGs approach expiry.
The only allow-update is in the options section, and none.
BTW, the config has not changed in months, only the zone got only
signed. Besides, at least the SOA RRSIG is pretty recent. Other
signatures that disappear are still 7 days from expiry.
Best,
Gilles
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
