Thank you very much for all the bits, certainly very helpful. My problem is that this cycle of zone signing triggers zone number increases and generates dozens of NOTIFY messages and the corresponding zone transfers to all slaves within a short period of time, something which I believe is not very friendly to my gracious slave service providers.
Since my signer instance does not provide public service, I would rather prefer the signing to be done in a single op and then send a single NOTIFY to slaves. Maybe my problem is 'auto-dnssec maintain', maybe I would be better off with the other options. Looking forward to your thoughts. ~Carlos On 4/3/13 7:48 PM, Mark Andrews wrote: > > In message <515a92a5.3020...@imperial.ac.uk>, Phil Mayers writes: >> On 04/01/2013 07:36 PM, Carlos M. Martinez wrote: >>> Reframing the question in more general terms... Which events trigger a >>> zone re-sign and reload when using "auto-dnssec maintain" ? >> >> As someone else has already said, zone updates, signature expiration and >> key events. >> >> In particular, it's normal for the SOA serial to constantly increase in >> a zone with "auto-dnssec maintain", even if nothing else happens, >> because the signatures will be regenerated every N days. N depends on >> your config, but is 0.75 * default_sig_life (30 days) by default i.e. >> signatures are generated every 22.5 days. > > Named attempts to spread out re-signing load for a zone over time > even is the zone content is essentially static. It takes time to > regenerate signatures so you don't want non-threaded builds to stall > too long res-signing. > >> _______________________________________________ >> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe >> from this list >> >> bind-users mailing list >> bind-users@lists.isc.org >> https://lists.isc.org/mailman/listinfo/bind-users _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
