On 10/7/2014 7:39 PM, Terry Burton wrote:
Separate the data provider and DNS infrastructure provider and this predicament ensues.
Ah, but here-in lies trouble. You are becoming the data provider as soon as you do the signing on the data. But I digress.
What about "rndc sign -force" that would cause a resigning (which is really what you are looking for) even if the data does not appear to the signing server to have changed. That would maintain the integrity of the "source" data by not needing to change it at all and would also "do the right thing" with the serial number.
AlanC _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users