Hello. I'm using BIND 9.9.5. My steps:
1. Sign zone using one 1 ZSK and 2 KSK: a) adding "*auto-dnssec maintain;*" and "*inline-signing yes;*" directive into zone section of named.conf; b) setting publication and activation timestamps to current time in key files; c) *rndc reload*. 2. Change TTL value in the zone file ($TTL 86400 ==> $TTL 432000). 3. Increase serial number in SOA record by 1. 4. *rndc reload*. After that - DNSKEY and RRSIG DNSKEY records still have 86400 value in TTL (checked via *dig*). What could be the reason for such behavior? Kind regards, Aleks Ostapenko
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users