On Mon, Sep 9, 2019 at 6:48 AM Tony Finch <d...@dotat.at> wrote:
> [...]
> You should find that re-signing gets spread out over time due to update
> activity and because of the randomizing jitter that Mark mentioned. So on
> a more mature zone you might not get such an intense flurry of signature
> updates. The jitter is 1 hour (in normal configurations) and there isn't
> a direct way to change it, unlike the -j option to `dnssec-signzone`.
>
In recent versions of BIND, the jitter is no longer 1 hour, but spread out
over the signature validity period.
I filed an enhancement request about a year ago on this topic, and why BIND
should spread out the jitter:
https://gitlab.isc.org/isc-projects/bind9/issues/418
The changes first appeared in BIND 9.12.3 I believe.
Shumon Huque
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
