Hi, Dne 29.8.2013 15:29, Harald A. Irmer napsal(a): > 3. Zones in /var/opendnssec/signed will be deleted.
You should not delete already signed zone files. The OpenDNSSEC is smart enough to do only a minimal change to signed zone files. If you delete whole file, all signatures would had to be recretated, rendering unnecessary big change of zone file. Instead, hook the "rsync to all nameservers" action as the <NotifyCommand> in OpenDNSSEC. DNSSEC signed zones have to be updated from time to time even if there is no change in the unsigned file (signature expiration, key rollover, etc.). Regards, Ondřej Caletka, CESNET, z. s. p. o.
smime.p7s
Description: Elektronicky podpis S/MIME
_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
