Re: DNSSEC inline/auto - burst of resigning/updates ?

2019-09-09 Thread Tony Finch
Shumon Huque wrote:
>
> In recent versions of BIND, the jitter is no longer 1 hour, but spread
> out over the signature validity period.

Oh, nice, I must have looked at a stale branch by accident :-)

Tony.
--
f.anthony.n.finch http://dotat.at/
Lundy, Fastnet, Irish Sea: North or northwest 6

Re: DNSSEC inline/auto - burst of resigning/updates ?

2019-09-09 Thread Shumon Huque
On Mon, Sep 9, 2019 at 6:48 AM Tony Finch wrote:
> [...]
> You should find that re-signing gets spread out over time due to update
> activity and because of the randomizing jitter that Mark mentioned. So on
> a more mature zone you might not get such an intense flurry of signature
> updates.

The

Re: DNSSEC inline/auto - burst of resigning/updates ?

2019-09-09 Thread Tony Finch
Brandon Applegate wrote:
>
> Tonight though in about an hour, the serial number was incremented 12
> times and NOTIFYs sent. My home firewall is stable, and my DKIM
> rotation happens monthly via cron. So there’s nothing in the logs
> regarding a DDNS update.
>
> My question is - what could

Re: DNSSEC inline/auto - burst of resigning/updates ?

2019-09-06 Thread Mark Andrews
Named splits the re-signing load up into small chunks so that all the CPU isn’t consumed signing the zone and the server can still answer questions, accept updates, etc. It does this by randomly reducing the expiry time by a small amount for each chunk it signs, the exception to this is the SOA

DNSSEC inline/auto - burst of resigning/updates ?

2019-09-06 Thread Brandon Applegate
Hello, I just very recently set up all my zones for inline signing + auto maintain. Prior to this I had cron jobs resigning and it was working okay. But after I read up on inline/auto I thought it to be much more elegant. Anyway, basically the behavior I expect and observe is that bind