On 10 April 2018 at 12:05, rams <brames...@gmail.com> wrote: > Hi > Greetings!!!!!! > We have 1Million signed zone records in bind. My zone is going to > auto-resign after 3 days. If we change RRSIG expire date to greater than > two months from now then if restart bind, Can we avoid auto-resign in this > week? is there any impact on resolution or is my zone is valid? what we > would need to do to make my zone is valid after changing rrsig expire date > value manually. DO we need to change any other values along with RRSIG > expire value. Kindly look into this. > > The details of your configuration are probably important here. It'll be difficult to give a clear, simple answer without that information.
However, if your have RRSIGs expiring this week then one of two things will happen: either they will be resigned this week, or your zone will go bogus. If you have RRSIGs expiring and you manage to delay the next re-sign out beyond that date, then the signatures you have currently will expire. If you simply change the signature lifetime (and you have RRSIGs expiring this week) then after your re-sign happens the new RRSIGs will have the new signature lifetime, which would delay the need for the _next_ re-sign.
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list email@example.com https://lists.isc.org/mailman/listinfo/bind-users