In message <4d4ef872.6070...@restena.lu>, Gilles Massen writes:
> Chris,
>
> thanks for the hint, but:
>
>
> On 6/2/11 19:20 , Chris Thompson wrote:
> > On Feb 6 2011, Gilles Massen wrote:
> >
> >> I have a very peculiar behavior: a zone, signed by OpenDNSSEC and
> >> pushed to Bind 9.7.2-P3 by scp was working fine. But now, completely
> >> out of the blue, Bind decides to claim some authority over the zone:
> >> the SOA RRSIG (only that one) is scrapped, and this is logged:
> > [...]
>
> > Presumably you are defining the zone to BIND as "type master".
>
> Yes.
>
> > Does your configuration also have an "allow-update" setting
> > (other than "none") for it, maybe only for the instance that
> > is giving you trouble? In that case BIND will take it that you
> > want it to do resigning as the RRSIGs approach expiry.
>
> The only allow-update is in the options section, and none.

Get rid of the allow-update and allow the default of no acl to work.

> BTW, the config has not changed in months, only the zone got only
> signed. Besides, at least the SOA RRSIG is pretty recent. Other
> signatures that disappear are still 7 days from expiry.
>
> Best,
> Gilles
>
>
> _______________________________________________
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: ma...@isc.org