Hi BIND,

Anyone know if there is a good way to force named to resign a single host 
record? (e.g. without generating new ZSKs, etc.?)

An ntp glitch recently caused our master nameserver to jump many hours into the 
future, whereupon it began issuing invalid (to the world) RRSIGs with an 
inception time many hours into the future.

After correcting the server time, named's signature rollover algorithm didn’t 
pick up on the fact that there were invalid RRSIGs (even after restarting the 
named process), so we were left with manually repairing them.

We ended up modifying the TTLs (thus forcing named to update the RRSIGs), and 
then restoring the TTLs to their previous state.

It seems like there should be a better way… was that the "best" approach? ( 
Even better, it seems like named could automagically correct for this 
particular problem – if we can put it on the wishlist ;-)  )

Thoughts?

Thanks in advance,

Mathew Eis
Northern Arizona University
Information Technology Services
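
As an added example (not part of the original post or of BIND itself): a small Python check that flags RRSIGs whose inception time lies in the future or whose expiration has already passed, run over constructed `dig +dnssec`-style output; the hostnames, timestamps and placeholder signature fields are made up, and the clock-skew allowance is an assumed value.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample in the single-line presentation format that `dig +dnssec`
# prints: owner TTL IN RRSIG type alg labels origTTL expiration inception
# keytag signer signature. The signature fields are placeholders, not real data.
SAMPLE_RRSIGS = """\
host1.example.edu. 3600 IN RRSIG A 13 3 3600 20240329120000 20240314110000 12345 example.edu. PLACEHOLDER==
host2.example.edu. 3600 IN RRSIG A 13 3 3600 20240330120000 20240316030000 12345 example.edu. PLACEHOLDER==
host3.example.edu. 3600 IN RRSIG A 13 3 3600 20240301120000 20240201110000 12345 example.edu. PLACEHOLDER==
"""

# Constructed "current time" so the example is reproducible offline.
NOW = datetime(2024, 3, 15, 12, 0, 0, tzinfo=timezone.utc)


def parse_rrsig_time(field: str) -> datetime:
    """RRSIG presentation format uses YYYYMMDDHHmmSS in UTC."""
    return datetime.strptime(field, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)


def check_rrsigs(text: str, now: datetime, skew: timedelta = timedelta(minutes=5)):
    """Return (owner, type covered, problem, timestamp) for every RRSIG that a
    validator with clock `now` would reject. `skew` is the tolerance an operator
    is willing to grant for small clock differences (assumed value)."""
    findings = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 12 or fields[3] != "RRSIG":
            continue  # not an RRSIG line (or a wrapped/multiline record)
        owner, covered = fields[0], fields[4]
        expiration = parse_rrsig_time(fields[8])
        inception = parse_rrsig_time(fields[9])
        if inception > now + skew:
            # The failure mode in the post: the signer's clock ran ahead, so
            # inception is later than the world's idea of "now".
            findings.append((owner, covered, "inception in future", inception))
        elif expiration < now - skew:
            findings.append((owner, covered, "expired", expiration))
    return findings


if __name__ == "__main__":
    for owner, covered, problem, when in check_rrsigs(SAMPLE_RRSIGS, NOW):
        print(f"{owner} RRSIG({covered}): {problem} ({when:%Y-%m-%d %H:%M:%S} UTC)")
```

Pointed at real output (for example `dig +dnssec` of each record in the zone), the same check makes a time jump on the signing host visible from the outside before resolvers start failing validation.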

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users