-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 08/06/2012 03:06 PM, 刘硕 wrote: >> If you have added new RRs to the unsigned zonefile, you should >> run > >> $ ods-signer sign <zone> > >> to tell OpenDNSSEC there is a new version of the unsigned zone. > > If the zones are newly created at a fixed period, I have to run > "$ods-signer sign --all",right? If I run the command manually, will > the automatic resigning still work? I think so. If so I think there > could be a time the two processes work synchronizely or one after > another when there is no need to do so.
You can either run ods-signer <zone> for each zone, or ods-signer sign - --all to schedule them all. The automatic resigning will still work. The ods-signer sign command is there just to tell OpenDNSSEC there is new zone content. A zone will never be worked on more than once at a time: if a sign task is currently being done, an ods-signer sign command will be scheduled after the current sign task is finished. Best regards, Matthijs > > > Best regards, Stuart -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJQH8JMAAoJEA8yVCPsQCW5w3kIAL1Yewjpp3VIMHXcA4GuUtGF Kc93CFQLL7yTAlBF3vMRaf2m/epIJBjO07pqOTnmN/qhSxjv8ZU0wPpFOZ3ZuVN/ RyjOFnm3C7XoGGSNMqoZrj5dZjzX8of9vPZ+CaHDbeJ+pj+oLGDf7YAo7rC/SlF6 n7HwizearmnLbp6a+/wgeAfgY1Qjl5fkk+xyagI5wHYMQT60QdGGlh1+kdFbEa8G SVUCvBJSMmxu8bXksC3bSnCXbxdJUQLkZ3CpjKhE1lEqncE8dw8HT74jIyzsV6un I/0azFQ3YTqhw/4a+cLS8kGrfIa0+Elu4BcioN/AaM0RoTl5px4r+VKzG5xffbE= =IpnK -----END PGP SIGNATURE----- _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
