Re: DNSKEY and RRSIG DNSKEY TTL values aren't changed after changing of zone's TTL

2016-09-02 Thread Aleks Ostapenko
2016-08-31 19:50 GMT+07:00 Tony Finch : > Aleks Ostapenko wrote: > > > > Unfortunately, after > > > > 1. rndc freeze myzone > > 2. named-compilezone -f raw -F text -o myzone.text myzone myzone.signed > > change TTL on DNSKEY and RRSIG DNSKEY in myzone.text > > named-compilezone -f text -F

Re: DNSKEY and RRSIG DNSKEY TTL values aren't changed after changing of zone's TTL

2016-08-31 Thread Tony Finch
Aleks Ostapenko wrote: > > Unfortunately, after > > 1. rndc freeze myzone > 2. named-compilezone -f raw -F text -o myzone.text myzone myzone.signed > change TTL on DNSKEY and RRSIG DNSKEY in myzone.text > named-compilezone -f text -F raw -o myzone.signed myzone myzone.text > 3. rndc thaw myz

Re: DNSKEY and RRSIG DNSKEY TTL values aren't changed after changing of zone's TTL

2016-08-29 Thread Aleks Ostapenko
2016-08-25 17:16 GMT+07:00 Tony Finch : > Aleks Ostapenko wrote: > > > > Then I made `rndc freeze `. But after this command - the > > signed zone file (`.signed`) still remains > > in raw format (not text readable) - so I can read it via > > `named-compilezone` utility, but unfortunately I can't c

Re: DNSKEY and RRSIG DNSKEY TTL values aren't changed after changing of zone's TTL

2016-08-25 Thread Thomas Schulz
> In message > > , Александр Остапенко writes: > > Hello. > > > > I'm using BIND 9.9.5. > > My steps: > > > >1. Sign zone using one 1 ZSK and 2 KSK: a) adding "*auto-dnssec > >maintain;*" and "*inline-signing yes;*" directive into zone secti

Re: DNSKEY and RRSIG DNSKEY TTL values aren't changed after changing of zone's TTL

2016-08-25 Thread Tony Finch
Aleks Ostapenko wrote: > > Then I made `rndc freeze `. But after this command - the > signed zone file (`.signed`) still remains > in raw format (not text readable) - so I can read it via > `named-compilezone` utility, but unfortunately I can't change it. Ah, I should have checked that more thorou

Re: DNSKEY and RRSIG DNSKEY TTL values aren't changed after changing of zone's TTL

2016-08-24 Thread Aleks Ostapenko
To make zone dynamically updated - I added into `zone` section of named.conf 'allow-update { any; };' directive and made `rndc reload` after that. Then I made `rndc freeze `. But after this command - the signed zone file (`.signed`) still remains in raw format (not text readable) - so I can read it

Re: DNSKEY and RRSIG DNSKEY TTL values aren't changed after changing of zone's TTL

2016-08-23 Thread Andreas Meyer
Tony Finch wrote on 23.08.16 at 10:45:15: > Aleks Ostapenko wrote: > > > As for second variant - unfortunately I don't know how to edit manually TTL > > in the signed (not raw) master file. > > (1) Use `rndc freeze` which makes `named` rewrite the zone file with all > pending changes f

Re: DNSKEY and RRSIG DNSKEY TTL values aren't changed after changing of zone's TTL

2016-08-23 Thread Tony Finch
Aleks Ostapenko wrote: > As for second variant - unfortunately I don't know how to edit manually TTL > in the signed (not raw) master file. (1) Use `rndc freeze` which makes `named` rewrite the zone file with all pending changes from the journal, and makes it stop making further changes to the z

Re: DNSKEY and RRSIG DNSKEY TTL values aren't changed after changing of zone's TTL

2016-08-23 Thread Aleks Ostapenko
Thanks. But in case with `nsupdate` - yes, this is unsigning/signing case, which I would like to avoid. As for second variant - unfortunately I don't know how to edit manually TTL in the signed (not raw) master file. Kind regards, Aleks Ostapenko

Re: DNSKEY and RRSIG DNSKEY TTL values aren't changed after changing of zone's TTL

2016-08-22 Thread Tony Finch
Александр Остапенко wrote: > Thanks for a workaround. But in this case - after "dnssec-settime -L ttl" I > need unsign/sign zone (p.1 of steps above) in order to new TTL value > appeared in DNSKEY RRset ("service bind9 reload" or "rndc loadkeys" has no > effect). But I would like to find a soluti

Re: DNSKEY and RRSIG DNSKEY TTL values aren't changed after changing of zone's TTL

2016-08-16 Thread Александр Остапенко
Thanks for a workaround. But in this case - after "dnssec-settime -L ttl" I need unsign/sign zone (p.1 of steps above) in order to new TTL value appeared in DNSKEY RRset ("service bind9 reload" or "rndc loadkeys" has no effect). But I would like to find a solution without the need of unsigning/sign

Re: DNSKEY and RRSIG DNSKEY TTL values aren't changed after changing of zone's TTL

2016-08-15 Thread Mark Andrews
In message , Александр Остапенко writes: > Hello. > > I'm using BIND 9.9.5. > My steps: > >1. Sign zone using one 1 ZSK and 2 KSK: a) adding "*auto-dnssec >maintain;*" and "*inline-signing yes;*" directive into zone section of >named.con

DNSKEY and RRSIG DNSKEY TTL values aren't changed after changing of zone's TTL

2016-08-15 Thread Александр Остапенко
Hello. I'm using BIND 9.9.5. My steps: 1. Sign zone using one 1 ZSK and 2 KSK: a) adding "*auto-dnssec maintain;*" and "*inline-signing yes;*" directive into zone section of named.conf; b) setting publication and activation timestamps to current time in key files; c) *rndc reload*.