On 08/29/2013 03:38 PM, Ondřej Caletka wrote: > Hi, > > Dne 29.8.2013 15:29, Harald A. Irmer napsal(a): >> 3. Zones in /var/opendnssec/signed will be deleted. > > You should not delete already signed zone files. The OpenDNSSEC is smart > enough to do only a minimal change to signed zone files. If you delete > whole file, all signatures would had to be recretated, rendering > unnecessary big change of zone file.
Removing zones from /var/opendnssec/signed does not influence this. All that logic is stored in the /var/opendnssec/tmp directory. Best regards, Matthijs > > Instead, hook the "rsync to all nameservers" action as the > <NotifyCommand> in OpenDNSSEC. DNSSEC signed zones have to be updated > from time to time even if there is no change in the unsigned file > (signature expiration, key rollover, etc.). > > > Regards, > Ondřej Caletka, > CESNET, z. s. p. o. > > > > > _______________________________________________ > Opendnssec-user mailing list > [email protected] > https://lists.opendnssec.org/mailman/listinfo/opendnssec-user > _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
