Milan Jeskynka Kazatel wrote:
>
> could someone, please, help me with diagnostics, how can I check how many
> records are signed per cycle?
I looked at my zone transfer logs, which give the size of each IXFR
following a zone update. If you don't have any ixfr logs, then you can use
`named-journal
the moment the signing and zone serial increasing causes too many IXFR/
AXFR transactions with slaves.
Best regards,
--
Smil Milan Jeskyňka Kazatel
-- Původní e-mail --
Od: Tony Finch
Komu: Milan Jeskynka Kazatel
Datum: 28. 1. 2020 17:41:30
Předmět: Re: BIND - in loop rewrite
Milan Jeskynka Kazatel wrote:
>
> Then how to achieve to resign the whole zone in one step? Which config
> option should be affected?
I don't believe that is possible with automatic signing. You can do it
yourself with `dnssec-signzone` but that's fiddly and error-prone.
Tony.
--
f.anthony.n.fi
Le 28/01/2020 à 16:49, Milan Jeskynka Kazatel a écrit :
> Hello Tony,
>
> thank you for the response,
>
> If I correctly understand, Bind should have an option to specify how
> many records could be signed at the same time. Then in the zone with
> 250 records it should be 3 times in the row - as
tum: 28. 1. 2020 13:34:33
Předmět: Re: BIND - in loop rewrite zone serial no.
"Milan Jeskynka Kazatel wrote:
>
> Why does Bind keep resign zone in a loop over and over in a few minutes?
It only signs a few records at a time to avoid eating all your CPU (my
server seems to average
Milan Jeskynka Kazatel wrote:
>
> Why does Bind keep resign zone in a loop over and over in a few minutes?
It only signs a few records at a time to avoid eating all your CPU (my
server seems to average 53 records at a time, coincidentally). It spreads
out re-signing according to the sig-validity-
person managing the list at
bind-users-ow...@lists.isc.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of bind-users digest..."
Today's Topics:
1. BIND - in loop rewrite zone serial no. (Milan Jeskynka Kazatel)
2. Re: BIND - in loop
ecific
than "Re: Contents of bind-users digest..."
Today's Topics:
1. BIND - in loop rewrite zone serial no. (Milan Jeskynka Kazatel)
2. Re: BIND - in loop rewrite zone serial no. (FUSTE Emmanuel)
--
Message: 1
D
Le 28/01/2020 à 10:14, Milan Jeskynka Kazatel a écrit :
>
> Hello,
>
> my previous email with the same subject still waiting for moderator
> approval, because email is too big.
> Then I have to ask with a shorter part of the log.
>
> I´m facing with a suspicious behavior of my authoritative DNS BI
Hello,
my previous email with the same subject still waiting for moderator
approval, because email is too big.
Then I have to ask with a shorter part of the log.
I´m facing with a suspicious behavior of my authoritative DNS BIND 9.11.4-P2
-RedHat-9.11.4-9.P2.el7(http://9.11.4-p2-redhat-9.
10 matches
Mail list logo